BreachExchange mailing list archives
Forget hackers, Indian call center workers may be stealing your financial data
From: security curmudgeon <jericho () attrition org>
Date: Fri, 23 Mar 2012 19:57:09 -0500 (CDT)
http://www.itworld.com/security/261506/forget-hackers-indian-call-center-workers-may-be-stealing-your-financial-data Forget hackers, Indian call center workers may be stealing your financial data Undercover reporters offered data on debit cards, mortgages, credit and other intimate customer info By Kevin Fogarty March 23, 2012, 11:37 AM - Hackers and hacktivists may be responsible for more data breaches than insiders, cybercrimes may be getting easier to commit - according to the FBI, at least - and the Internet may have become such a bad neighborhood that it requires not one, but two oppressively harsh, unrealistically broad bills in Congress to combat it. That doesn't mean light fingers have no place in the world of crime anymore; even crime involving identity and data theft. According to a story in the U.K.'s Daily Mail, workers at several call centers in India have been making money on the side by recording as many as 45 separate points of data on half a million British customers and selling them for as little as two pence per record. The information includes names, debit and credit-card numbers (along with expiration dates and CCV/CVV codes), medical and financial records. Reporters from the Sunday Times uncovered the scheme by going undercover as buyers. Two men calling themselves "IT consultants" claimed to have been selling the information for so long they could tell which banks issued a credit card simply by looking at the number. They said they could also get data on mortgages, loans, insurance policies, cell-phone contracts and other accounts, most less than 72 hours old. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Forget hackers, Indian call center workers may be stealing your financial data security curmudgeon (Mar 28)