Security Watch

Heavy Heist

Thefts of entire automated teller machines are becoming more common, and the more forceful the theft, the less evidence police have to go on.


Thieves who stole a machine from First State Bank of Albany in Georgia also managed to damage the cameras that would have recorded their heist, The Atlanta Journal-Constitution reported Sept. 7.

"We are going to review the bank's security footage, but some of the cameras were also damaged, so we don't know what we'll find — if anything," said Phyllis Banks, a spokeswoman for the Albany Police Department.

The theft was reported by a bank customer who wanted to withdraw cash but found that all that was left of the ATM was "a gaping hole and broken bricks," the story said.

The theft came just a few days after a separate ATM theft in Georgia was thwarted. In that incident, police interrupted the theft as it was taking place and, after the suspects' vehicle crashed, arrested them; police said they were attempting to escape in a Dodge Durango with an ATM. The ATM in that incident was recovered.

The ATM maker NCR Corp. described a number of security measures it offers that can help banks fight ATM theft, the article said.

Its machines can be built to withstand explosive blasts, and can also be built with sensors that set off an alarm when a machine is removed or douse the cash inside with ink to ruin it.

ID Theft Packaged

Gemma Meadows is in an odd position: her name and address are being used by fraudsters, but her bank accounts are not — leading her to receive countless packages from mail-order retailers, while another victim is stuck with the bill.

Only once was Meadows, an optometrist in Virginia, subjected to a fraudulent charge. Her bank, Bank of America Corp., caught it in June and reversed it, and Meadows replaced the card, msnbc.com's Bob Sullivan reported in his "The Red Tape Chronicles" column Tuesday.

That card number was no longer valid, but Meadows' other personal information had not changed — and card scammers went to town using Meadows' address for fraudulent orders.

No one ever came by to pick up the packages — night-lights, T-shirts, coffee and movies — that were ordered in Meadows' name.

She diligently set about returning each package to the vendor that sent it, and learned that some of them had already suspected that the orders were risky because they were placed online from a far-flung Internet Protocol address, she said.

Fraud investigator Julie Ferguson of the fraud detection company Ethoca told Sullivan that, most likely, scammers are using Meadows' address to determine the effectiveness of online merchants' fraud-checking systems.

"These people are testing merchants, trying to figure out what triggers the fraud rules," Ferguson said.

The scammers know that using a foreign IP address is risky, but they want to see if merchants are willing to overlook that if other factors, such as the recipient's home address or a low-dollar amount for the purchase, are considered safe enough to offset the red flag.

In recent days, the orders "abruptly stopped," Sullivan wrote.

Ferguson said that this could be for a number of reasons. Perhaps Meadows' work has paid off, and the fraudsters no longer consider her information useful.

Or perhaps, she suggested, the bad guys are just on vacation.

Big Breach Fine

A hospital in California that took more than the legally mandated five days to disclose a breach faces a $250,000 fine for missing that deadline — and, of course, it's appealing.

The Lucile Packard Children's Hospital at Stanford University was assessed the fine by the California Department of Public Health, which said the 19 days the hospital took to disclose the breach was too long, Computerworld reported Sept. 10. The law allows for a fine of $100 per record per day, with a maximum fine of $250,000 altogether. The hospital is appealing the fine.

The breach took place on Jan. 11 when a computer with the personal information of 532 patients was stolen by an employee. Before the theft, the employee was authorized to access the patient information that was on the computer.

The hospital determined on Feb. 2 that the computer had sensitive information, including Social Security numbers, and notified the CDPH on Feb. 19, according to a timeline the agency provided. Patients were informed a week after that.

The hospital said that it believes it reported the incident in an appropriate amount of time.

Lucile Packard is the sixth hospital to be fined this year for a data breach, the story said.

A Bit Too Open

Apple Inc.'s new social network for music, Ping, was not designed with security in mind, a security firm said.

Any blogging or social media system that provides a platform for Internet users to add their own comments is quickly overrun by spammers and scammers unless a dedicated content-filtering system is in place, The New York Times wrote on its Gadgetwise blog Sept. 3.

Some of these spam comments are harmless product pitches, but others can be ruses to get people to download malicious software that can steal online banking credentials.

Apple launched Ping this month as a way for its customers to share their music tastes with one another.

Through Apple's iTunes digital media store, users can also view the Ping accounts of prominent performers and write comments on their Ping profiles.

Sophos PLC, the security firm that highlighted the issue with Ping, said that it has not yet observed any malicious software being distributed through this system, but speculated on its blog that Apple was not prepared to deal with such threats when Ping launched.

Another firm, Websense Inc., told the Times that the closed nature of Ping, which is accessed through iTunes software instead of a Web browser, may make it a less desirable target for scammers.

For example, Ping profiles are not indexed by search engines, whereas many blogs are.

An Apple representative did not comment for the Times story.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.

