Friday, September 5, 2014

Home Depot Was Hacked

"Home Depot probes possible credit card data breach" by Anne D’Innocenzio | Associated Press   September 03, 2014

NEW YORK — Home Depot may be the latest retailer to suffer a credit card data breach.

The Atlanta-based home improvement retailer said Tuesday that it is looking into ‘‘unusual activity’’ and working with both banks and law enforcement.

**************

Many retailers have had security walls broken in recent months, including Target, grocery store chain Supervalu, P.F. Chang’s, and the thrift store operations of Goodwill.

Why them?

The rash of breaches has rattled shoppers’ confidence in the security of their personal data and pushed retailers, banks, and card companies to increase security by speeding the adoption of microchips into US credit and debit cards.

(Blog editor shaking his head at the further advancement of the total $urveillance $tate over self-inflicted incidents since the US and Israel employ most of the hackers)

Supporters say chip cards are safer because, unlike magnetic strip cards that transfer a credit card number when they are swiped at a point-of-sale terminal, chip cards use a one-time code that moves between the chip and the retailer’s register. The result is a transfer of data that is useless to anyone except the parties involved. Chip cards are also nearly impossible to copy, specialists say.

And some $ecurity $oftware firms are going to get a contracts! 

The possible data breach at Home Depot was first reported by Brian Krebs of Krebs on Security, a website that focuses on cybersecurity. Krebs said multiple banks reported ‘‘evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards.’’

Krebs said the party responsible for the Home Depot breach may be the same group of Russian and Ukrainian hackers suspected in the Target breach last year. Krebs broke the news of Target’s breach.

You know, I somehow knew they were going to be blamed. 

The target is Organized Crime then?

Target Corp., based in Minneapolis, is still trying to get beyond its massive breach that occurred late last year and hurt sales, profits, and its reputation with customers.

They are still making hundreds of millions of dollars per quarter with sales growing (or so I was told).

It has been overhauling its security department and systems and is accelerating its $100 million plan to roll out chip-based credit card technology in all of its nearly 1,800 stores.

New payment terminals will appear in stores by this month, six months ahead of schedule. In April, the retailer said it teamed up with MasterCard to issue branded Target payment cards equipped with chip technology by early 2015.

In its data breach, 40 million credit and debit card accounts were compromised and hackers stole personal information from up to 70 million customers.

Walmart Stores Inc. is sending customers who have a store credit card a chip-enabled MasterCard, while its Sam’s Club division introduced a chip-enabled MasterCard in June. The company has chip-enabled check-out terminals in 4,600 stores, and terminals in the remaining US stores will be activated before the end of the year. 

Carry that in your wallet or purse, do you? No need to chip the body.

In a separate statement Tuesday, Goodwill said its customers’ credit and debit card numbers had been stolen at more than 300 stores in 19 states and Washington, D.C., from February 2013 through Aug. 14. Goodwill blamed the security lapse on an unidentified contractor’s payment processing system. Reports about fraud linked to shoppers’ cards have been ‘‘very limited,’’ Goodwill said.

--more--"

"Data thefts hit 1.2 million Mass. residents in 2013" by Deirdre Fernandes | Globe Staff   September 04, 2014

Nearly one in five Massachusetts residents had their personal or financial information stolen in data breaches last year, a figure driven by a massive data theft at Target Corp. stores, according to a state report set for release Thursday, as cybercrime becomes more frequent, sophisticated, and malicious.

Something only an organized effort could achieve, like a government.

On Tuesday, Home Depot Inc. acknowledged it was reviewing a possible security breach of credit and debit card information that one analyst said could be larger than Target’s.

In addition, the New York financial giant JPMorgan Chase & Co. and the parent of grocery stores Shaw’s and Star Market have said in the past month that they are investigating potential cyberthefts.

Yeah, I was told Russia did it, although in the second case it might be someone else who shall curiously remain nameless but are akin to the corporate equivalent of benchwarmers, collecting tens of thousands of dollars weekly to stand on the sidelines (or teachers in Boston) as "relations with the reinstated staff are both awkward and frosty."

"According to Steve Paulenka, a facilities and operations supervisor who organized protests during the six-week work stoppage at Market Basket, a store in Athol is nearly complete but the distance of the Attleboro and Athol stores from other Market Basket locations could make staffing more difficult. Each store would need about 400 employees, who would be trained at existing supermarkets in the chain. The closest Market Basket to both Attleboro and Athol is about 15 miles away."

I smell a job!

******************

Consumer advocates and security specialists say thieves are seeking new portals to access everything from Social Security numbers to credit card data, targeting unsuspecting organizations, such as colleges and universities.

And they are succeeding.

Does anyone out there for a second think that it is possibly the NSA scooping up everything That cross your mind, because it did mine.

***************

Criminals are finding it easier and cheaper to get their hands on the technology to break into a company’s network and exploit flaws, said Rik Ferguson, vice president of security research at Trend Micro, an international security software company.

I wonder who is making money off both sides of that fence. It's the 21st-century drug war in cyber$pace.

Fortune 500 companies aren’t the only ones susceptible to data breaches.

Banks, health care companies, restaurants, and colleges all reported compromises of customer data last year, according to the state report.

Like a big dragnet.

In some cases, the information was lost because employees sent private information to the wrong address, exposed tax identification numbers through an envelope window, or lost a laptop with personal consumer information.

But in most cases, companies were victims of a malicious attack, according to the report.

Last fall, Briar Group, a restaurant chain with locations in some of Boston’s most bustling neighborhoods, said that cyberthieves had captured customer names, credit card numbers, expiration dates, and security information from the magnetic strips of credit and debit cards.

I would change your codes if you come and stay in Boston.

Boston Police Department investigators estimated the breach hit hundreds of the chain’s customers, including people attending conventions in Boston.

“No company is too small for this to happen to them,” said Andy Obuchowski, the head of security and privacy in the northeast region for the Chicago-based accounting firm McGladrey LLP.

Colleges, universities, and school districts, which collect a trove of personal information about students, from Social Security numbers to parents’ bank accounts, have become more frequent targets.

But you are to be more concerned with staged and scripted hoax shootings that push forward the gun control agenda, parents.

*********************

Edgar Dworsky, who is the founder of the website ConsumerWorld.org, based in Somerville, said he worries that data breaches are becoming so common that it may lead consumers to shrug off the risks.

As a result, they may stop checking bank accounts and credit card statements frequently or applying for the monitoring services, he said.

“Because these breaches are happening more and more . . . consumers are becoming numb,” Dworsky said.

Yo-yo propaganda that requires constant fear will do that.

And here I thought it was Low T.

“The only thing the consumer can do is be vigilant,” he added.

Or not use those things. Leave only enough in the bank to cover a check and cut up the credit cards. Go to a CASH ONLY policy.

--more--"

"Home Depot CEO: Probe of possible breach continues" AP September 05, 2014

NEW YORK — Home Depot’s outgoing chief executive, Frank Blake, told investors Thursday that the nation’s largest home-improvement chain continues to investigate a potential data breach at the company and reassured them that customers will not be liable for any fraudulent charges.

In his first public comments about the issue, Blake did not confirm that a breach had actually happened, but he said Home Depot found out about a possible data theft early Tuesday.

He told the Goldman Sachs Global Retailing Conference that companies in this situation have a choice: to wait or ‘‘communicate the facts as you know them.’’

‘‘We chose the latter path,’’ he said.

He said Home Depot will be activating chip-enabled checkout terminals by the end of the year. That technology helps makes transactions more secure.

On Wednesday, Home Depot said that it had hired the security firms Symantec and FishNet Security to help it investigate the possible hacking attack.

The possible breach was first reported by Brian Krebs of Krebs on Security, a website. Krebs said multiple banks reported ‘‘evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards’’ that went on sale on the black market Tuesday. 

I want to cancel all my credit cards, please. Yes, I'll hold.

--more--"

This next hack hits home:

"Hackers breach security of a health exchange server" by Robert Pear and Nicole Perlroth | New York Times   September 05, 2014

WASHINGTON — Hackers breached security at the website of the government’s health insurance marketplace, HealthCare.gov, but did not steal any personal information on consumers, Obama administration officials said Thursday.

That is the last straw! They gotta scrap that thing. Issue a waiver and say to hell with it. Go back to the drawing board and write something that will work this time (like a bank ATM). If it is vulnerable to hacking it is a pos.

The administration informed Congress of the violation, which it described as “an intrusion on a test server” supporting the website.

“Our review indicates that the server did not contain consumer personal information, data was not transmitted outside the agency, and the website was not specifically targeted,” said Aaron Albright, a spokesman at the Centers for Medicare and Medicaid Services, which runs the website. “We have taken measures to further strengthen security.”

The test server should not have been connected to the Internet, Albright said, and it came from the manufacturer with a default password that had not been changed.

I don't care about the lame, CYA excuses anymore! Shut it down!

The security of HealthCare.gov, which serves residents of 36 states, has been a major concern for some members of Congress, particularly Republicans.

It SHOULD CONCERN US ALL!

Congressional investigators found that administration officials, eager to begin enrollment on Oct. 1, activated the website even though its security had not been fully tested and did not meet federal standards. This created a potentially “high risk” for the exchange, according to a memorandum prepared by security experts at the Medicare agency. 

Okay, this is the government scooping all your shit (literally) but they can't protect anything, then break the law to shove this forward when told not ready. This Obama is an Obummer.

Since then, administration officials have repeatedly reassured consumers that the problems were fixed.

I was thinking I was a patient, not a con$umer, but when I think about it most of the health articles are my bu$ine$$ $ection.

The attack was noticed by federal employees on Aug. 25. Hackers downloaded malicious software onto a test server of HealthCare.gov as part of a broader denial-of-service attack, intended to cripple other websites.

That's not healthy.

--more--"

It also hits the wallet!