Data Spill
An employee of the gas giant BP PLC reportedly lost a laptop containing
The laptop was password-protected, but the information was not encrypted. BP sent letters to 13,000 people whose names were on the computer offering to pay for credit monitoring services.
The names were stored on a spreadsheet that reportedly contained Social Security numbers, phone numbers and addresses. A BP spokesman told the Times he had no indication the data had been misused.
Unfriendly Skies
A Deutsche Lufthansa AG stewardess
The ring reportedly disassembled old euro coins that had been taken out of circulation in Germany and smuggled them to China as scrap metal. The suspects then allegedly reassembled the coins and exchanged them at Germany's Bundesbank between 2007 and 2010. According to the report, Frankfurt authorities recently conducted a number of predawn raids in the city that led to the arrest of six people, including four Chinese nationals.
The stewardess was carrying thousands of one- and two-euro coins in a duffle bag, according to customs officials. Airline employees do not have weight restrictions for their bags, Reuters reported. Other employees of Lufthansa may be involved, according to the report. Employees of the Bundesbank have not been implicated.
Graft Cards
Kaspersky Lab ZAO has spotted a new
The malware, delivered through an executable file, encrypts users' personal files including photos, documents and spreadsheets, and holds them hostage. The virus also displays this warning on users' desktops:
"Attention!!! All your personal files (photo, documents, texts, databases, certificates, video) have been encrypted by a very strong cypher RSA-1024. The original files were deleted. You can check — just look for files in all folders. There is no possibility to decrypt these files without a special decrypt program! Nobody can help you — even don't try to find another method or tell anobody [sic]. Also after n [sic] days all encrypted files will be completely deleted and you will have no chance to get it back."
Unlike in previous years, the virus encourages computer owners to purchase a Ukash or PSC prepaid card for $125 via an email, which criminals claim will unlock their files. In the past, the virus urged consumers to send money through text messages. Security researchers are urging victims not to send money, but instead to use backup files to replace those lost.
Open, Sesame
A hacker in Kansas City, Mo., exploited one of the easiest security weaknesses known to the banking industry and stole close to $700,000 from victims in an area from California to New Jersey, according to
Prosecutors in U.S. District Court in Kansas City said Monday that Sael Mustafa, 42, was able to hack into the bank accounts of more than 250 people who reused passwords for multiple websites, including their bank accounts.
Mustafa has pleaded guilty to aiding and abetting mail fraud, and prosecutors are seeking a 15-year sentence, the article said.
Mustafa's crime began to unravel when security officials from a local supermarket chain, Hy-Vee Inc., contacted authorities in April 2009 about suspicious purchases of gift cards. Authorities contacted postal inspectors, who in turn contacted people who had reported that their credit card information had been stolen and used to make unauthorized purchases, the Star reported.
Mustafa had some of the gift cards delivered to his home address in April 2009, where police arrested him and two co-conspirators. Authorities also seized computers, records and files from his home.
One of the co-conspirators testified Monday that Mustafa had hacked into accounts of several area businesses, including a restaurant chain that offered a newsletter that customers signed up for by providing email addresses and passwords and by answering reminder questions. The co-conspirator said she traveled to Jordan with Mustafa, where she watched him hack into accounts at an Internet cafe.
Armed with the passwords and email addresses, Mustafa was able to log on to many bank websites to access credit card information. He then stole hundreds of thousands of dollars by purchasing gift cards and airline tickets and by making wire transfers to overseas accounts, the Star reported.
Buzz-Saw
Google Inc. has tentatively reached a
The agency claimed that Google did not properly inform consumers of the opt-out procedures when Buzz launched.
Gmail users got a message that asked them to click on boxes that said "Sweet! Check out Buzz," or "Nah, go to my inbox." The FTC maintains that many users who clicked on the latter were nonetheless signed up for the service.
Those who agreed to sign up, the FTC said, were not fully informed that the names of people they emailed most frequently would be posted publicly. Publicizing email recipients might help phishers and hackers trying to gather information from social network sites.
The settlement would bar Google from misrepresenting the privacy and confidentiality of its customers' information, or from misrepresenting its adherence to U.S.-EU Safe Harbor and other privacy, security and compliance programs.
The Mountain View, Calif., company would also have to get user consent before sharing information with third parties, and would have to maintain a comprehensive privacy program for the next 20 years.
Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.