Security Watch

Updated every Tuesday. Links may require registration/subscription.

Password Problems
Despite a widely publicized scam last year that took advantage of easily available default ATM passwords, a machine whose owner had not changed its default password was scammed last month.

Using the default master password "123456" on an ATM in a Derry, Pa., store, a couple is suspected of having tricked the machine into thinking that the $20 bills it was dispensing were $1 bills. They withdrew $1,540 on two visits, Wired News reported online Thursday. Police are investigating the theft, but no arrests had been made, the report said.

The ATM was made by Triton Systems of Delaware Inc.

A similar scam was reported at a Virginia Beach gas station last year, on an ATM made by Tranax Technology Inc. After this incident, Tranax released a patch that, if installed, would force ATM operators to change the default password for high-level access.

The Triton ATM used in the Derry store had two passwords. Vince Mastrorocco, the store owner, said he changed the administrative password when he first got the machine three years ago. However, he said that he rarely used the master password and did not change it until after the theft.

"I don't know anything about an ATM," he said. "I put money into it, people take it out, and I get a reading at the end of the day." He said he was aware of the master password because Cardtronics Inc., the Houston company that operates the machine, once gave it to him by phone.

The robberies have changed Mr. Mastrorocco's security habits, he said. "I've changed it twice since then. I'm paranoid now. I'll probably do it again tonight."

Exposures
Disney fans who signed up for some mail-order movie magic may have narrowly avoided card fraud.

An employee of Alta Resources Inc., the card processor that handles orders for Walt Disney Co.'s Disney Movie Club, a mail-order movie buying service, has been arrested for trying to sell customer data, the Orlando Sentinel reported Saturday.

The suspect was arrested in a federal undercover sting for allegedly trying to sell names, addresses, credit card numbers, and expiration dates.

A spokesman for Buena Vista Home Entertainment, the Disney unit that manages the mail-order movie club, said it has fewer than one million members and not all of those who have paid by credit card were affected by the alleged data theft.

Disney did not name the suspect in a letter it sent to the affected customers but said he no longer works for Alta. However, the newspaper reported that David Haltinner, 25, of Wisconsin was arrested May 24 in connection with the Disney case and charged in Nashville with access-device fraud, a federal felony. The details of the complaint are sealed, it said.

Eric Maehara, the Buena Vista spokesman, said Alta has processed card payments for the movie club for more than 10 years and is certified under the payment card industry data security standard.

Updates
The number of people affected by an Ohio data theft keeps rising — once thought to have affected 64,000 people, the theft now is believed to have exposed 859,800.

The total was repeatedly updated as the state reviewed the data it believes was on a tape stolen from an intern's car June 2. The investigation is still under way, so the number could grow from the figure disclosed last week, Ohio Gov. Ted Strickland said.

Since the tape's theft, three cases of identity theft have been reported to the State Highway Patrol, though investigators said they do not think they are related, Col. Richard Collins told the Associated Press for an article that ran Thursday.

The state had previously required that a rotating roster of employees take the data home as a security measure. Gov. Strickland said this practice has been discontinued and he is encouraging more use of data encryption.

 


Four people were arrested in Florida this month on charges of trying to use card data obtained in the massive security breach at TJX Cos. Inc. and other data stolen from Polo Ralph Lauren Corp.

The alleged fraudsters were found with 200,000 stolen credit card account numbers that the Secret Service said had been used to fraudulently amass more than $75 million. The number of card numbers found falls far short of the estimated 45 million records exposed in the TJX breach but exceeds the 180,000 records exposed in a breach at Polo Ralph Lauren in 2005, InformationWeek reported Thursday.

The arrests stemmed from information received from a suspect arrested this year by the Secret Service's Miami Electronic Crimes Task Force, the report said. The four are suspected of buying the stolen card numbers from Eastern Europe and using them to create counterfeit cards.

These arrests capped a separate series of arrests by the Florida Department of Law Enforcement in March, targeting people who allegedly used counterfeit cards made with data from the TJX breach to buy gift cards from Wal-Mart Stores Inc.

Talent Search
Burglars reportedly consulted the Internet, mid-break-in, for directions on opening a Colorado Springs indoor amusement center's safes.

"They're not professional safe people," Chuck Ackerman, a Colorado Springs police detective, told The Gazette for a July 10 article.

The burglars, who police said made off with $12,000 and some computer equipment after the June break-in, remained at large by the time the article ran.

Though they had the safes' combinations, they apparently did not know how to use them. The report said they used a computer at the business to access Google Inc.'s search engine and scan for instructions on "how to open a safe" and "how to crack a safe."

The trip to the computer room was caught on camera, despite the burglars' attempts to obscure the lens using several squirts of WD-40. The machine lubricant slid right off the glass, the report said.

"The first few times it actually cleaned the lens and made it a better picture," Detective Ackerman said.

The burglars displayed such familiarity with their surroundings that police said they suspect it was an inside job.

Managers at the amusement center, Bigg City, said they are reviewing their security procedures, such as how they guard safe combinations.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.
