Security Watch

What's the Damage?

Update: There are new indications that card data may have been exposed in the Sony PlayStation breach.

Sony Corp. has yet to determine the extent of a shutdown of its PlayStation Network and Qriocity services — and has yet to disclose whether the credit card information it stores for some of its 75 million users is in jeopardy, PC World reported April 25.

The PlayStation network was reportedly shut down by an outside attack over the weekend, but the company has provided little more information other than to qualify it as an "external intrusion."

Sony's PlayStation Network is used for online gaming and sales of games for PlayStation 3 and PlayStation Portable. It also sells movies and television shows for viewing on those devices, and supports streaming for Netflix customers.

Qriocity is Sony's own music and movie streaming service, which can be used with other Sony devices, such as its Bravia televisions.

Users who do not wish to enter payment data for PSN purchases may buy credit on cards in stores.

PC World reported the shutdown is the most serious one the network has faced since it began operating in 2006.

Phone Tag

Google Inc.'s Android phones and Apple Inc.'s iPhones just can't help themselves: They have been found to spy on the whereabouts of users — even, in the case of the iPhone, after location detection devices have been turned off, according to April 22 and April 25 Wall Street Journal stories.

The phones gather this information, the earlier story suggests, to help the companies participate in the nearly $3 billion market for location-based services, which is expected to grow to nearly $9 billion by 2014.

According to the story, one HTC Android phone studied collected the name, location, signal strength of nearby Wi-Fi networks and the phone's identifying number every few seconds. It transmitted this information back to Google several times an hour.

The iPhone appears to gather and send information more sporadically, though it gathers comprehensive data on an owner's whereabouts for months and stores it on the phones in unencrypted format, the story said.

The security of customer phone data is important to bankers who want to make sure their customers' own mobile transactions are not intercepted or hijacked by hackers, or stored inadvertently on phones.

The revelations came months after news that the same brands of smartphones allow applications to store and transmit data about users to marketing companies.

More or Less

There were more data breaches but fewer records stolen in 2010 than in previous years, according to the 2011 Data Breach Investigations Report produced by Verizon Communications Inc. of New York, the U.S. Secret Service and the Dutch High Tech Crime Unit.

The report lists 761 data breaches and 3.8 million records compromised in 2010, compared with 141 breaches and 144 million records affected in 2009.

The report speculates there may be fewer massive data breaches, but more breaches in general, as criminals go after small businesses and other softer targets because they tend to have weaker security precautions.

Hack attacks were responsible for nearly 90% of compromised data; malware was responsible for nearly 80% of data stolen.

Malware was used to send data to remote servers, open up back doors in networks and to install keystroke loggers and other spyware, and to disable or interfere with security controls, according to the report.

Hack attacks exploited back doors, command and control channels, guessable passwords and other credentials, the report said.

Check's in the Email

Could person-to-person payment be vulnerable to the same type of attack that befell Epsilon?

In April an outside hack attack against the third-party email marketer exposed the names and email addresses of potentially millions of bank customers as well as the customers of some of the nation's biggest companies.

According to an April 25 post on the Federal Reserve Bank of Atlanta's Portals and Rails blog, the amount of information required to make P-to-P payments is cause for wariness.

Such services typically ask either the sender or the recipient of the cash to enter information that could include bank account and routing numbers, passport, driver's license or Social Security numbers, online banking usernames and passwords.

Additionally, the blog points out, users must agree to the terms of service and privacy policy of the financial institution. That could mean some of the information gets shared with other companies, including third-party marketing concerns.

Epsilon is a unit of Alliance Data Systems Corp. of Plano, Texas.

Hackett the Hacker

Hacker Rogelio Hackett Jr. of Lithonia, Ga., who reportedly stole nearly 700,000 credit card numbers and was indirectly responsible for more than $36 million in fraudulent transactions, pleaded guilty April 21 to one count of access-device fraud and one count of aggravated identity theft in U.S. District Court in Virginia, according to an article of the same date, posted on the Wired.com blog Threat Level.

Hackett was arrested in 2009, and admitted to hacking computers since the late 1990s. He turned to the lucrative credit card market in 2002, when he began stealing bank card data by SQL injection.

SQL injections exploit vulnerabilities at the database layer of an application. In one instance, Threat Level reported, Hackett breached a database for an online ticket-sales entity in 2007, stealing 360,000 credit card numbers.
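As an added illustration of the flaw described above (not code from the article or from any system it mentions), the following Python builds a small constructed SQLite table and contrasts a query assembled by string concatenation with a parameterized one: input containing a quote character rewrites the first statement's logic but stays an inert value in the second.

```python
"""Added example: string-built SQL versus a parameterized query.
All customer rows below are constructed sample data, not from the article."""
import sqlite3


def make_db():
    # In-memory table standing in for an application's customer store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, email TEXT, card_last4 TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "alice@example.com", "1111"),
         (2, "bob@example.com", "2222"),
         (3, "o'brien@example.com", "3333")],
    )
    return conn


def lookup_concat(conn, email):
    # Vulnerable pattern: the caller's text is spliced into the SQL itself,
    # so any quote in it becomes part of the statement's syntax.
    sql = "SELECT id, email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, email):
    # Hardened pattern: the value travels separately from the SQL text, so the
    # database engine can only ever treat it as a string to compare against.
    sql = "SELECT id, email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def concat_rejects_legitimate_apostrophe(conn):
    # Side effect of the same flaw: a real address with an apostrophe breaks
    # the string-built query outright, while the parameterized one handles it.
    try:
        lookup_concat(conn, "o'brien@example.com")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that closes the quote early
    print("concat rows returned:", len(lookup_concat(db, crafted)))  # every row
    print("param rows returned: ", len(lookup_param(db, crafted)))   # none
    print("concat breaks on o'brien:", concat_rejects_legitimate_apostrophe(db))
```

The number of rows returned for the crafted input is the tell: the concatenated version hands back the whole table, including card fragments, while the parameterized version matches nothing because no stored address equals that literal string.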

He reportedly charged up to $25 per account number and netted about $800 a month through such activities. His crime spree ended after he sold 40 stolen credit card numbers to an undercover Secret Service agent for $1,100.

For those who wonder how long stolen information can still be useful, authorities found on Hackett's computer credit card data that in some cases had been stolen two years earlier.

Hackett is scheduled for sentencing in July, and he faces up to 12 years in prison and $500,000 in fines.

He also must make a still-undetermined restitution of the estimated $36 million in losses.

Security Watch is a weekly roundup of news and developments in data security and their impact on financial services companies.
Please e-mail us any comments, ideas, and suggestions about this column.
