[Dataloss] BoA breach - possible Wal-Mart connection?
Chris Walsh
cwalsh at cwalsh.org
Sat Feb 11 21:05:43 EST 2006
And to be specific, is it Sam's Club, which was reported as being
breached in early December 2005, and where Wal-Mart denied that a
computer system of theirs had been compromised? Where Gartner and
American Banker chided Visa and MC for hoarding info and playing
favorites? Where PCI standards were not followed and stripe data
were stored? Wow.

The connection between the BofA/Wamu/Wells Fargo card reissues, and
the earlier one by Regions Bank, and the months earlier ones by the
Alabama Credit Union, et al. is one I semi-drew
(http://www.emergentchaos.com/archives/002414.html). I didn't think there
was enough to pin it on Sam's Club, especially since BofA said a
processor wasn't involved. How would a retailer lose so much info,
especially since reports in December were that the detected frauds
likely were from customers who bought gasoline at Sam's Club?

Sam's Club said this on 12/2/2005
(http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/12-02-2005/0004227070):

"SAM'S CLUB stressed that the electronic systems and
databases used inside its stores and for http://samsclub.com are not
involved."

So, databases "inside its stores" and the web site didn't get
penetrated. That leaves, uh, POS devices, and....dare I say
it...*wireless*? If we find out that they got p0wned via wireless
(a la Lowes, back in 2003?) I will fall off my chair.

This could be huge. Wal-Mart wants to get into the banking business,
and (if true) this isn't exactly a ringing endorsement.

Early in December, I had some fun with ID Analytics and used their
numbers to argue that this breach would have exposed 600,000
accounts. It doesn't seem like fun, now.

On Feb 11, 2006, at 6:54 PM, lyger wrote:
>
>
> Bank Card Reissues May Be Linked to Wal-Mart Breach
>
> By Paul F. Roberts and Matt Hines <mailto:matt_hines at ziffdavis.com>
> February 10, 2006
>
> In what appears to be a widening incident, Bank of America, MasterCard and
> Visa all announced this week that they have been informed of a potential
> security breach at a U.S.-based retailer.
>
> The companies refused to name the retailer involved, but at least one bank
> said that systems belonging to Wal-Mart Stores, the world's largest
> retailer, may be to blame.
>
> http://security.ithub.com/article/Bank+Card+Reissues+May+Be+Linked+to+WalMart+Breach/171328_1.aspx
>
> _______________________________________________
> Dataloss mailing list
> Dataloss at attrition.org
> https://attrition.org/mailman/listinfo/dataloss