This week the spotlight has been on consumers in the US who have fallen victim to fraudsters in a scam that exposed 4.2 million credit and debit card numbers belonging to supermarket customers, says Brett Myroff, CEO of Sophos distributor, Netxactics.
"This type of security breach should alert consumers to the reality of credit card fraud and businesses to their own level of PCI compliance," he says. Sophos urges consumers to check their statements for unauthorised transactions, and advises businesses to do everything they can to ensure compliance.
This advice follows the announcement by the Hannaford supermarket chain that hackers gained access to details of credit cards used by customers between December 2007 and early March 2008.
Hannaford has 165 grocery stores in the New England area of the US. Another affected high-street name, Sweetbay, has 106 supermarkets in Florida. According to media reports, the Secret Service is investigating and approximately 1 800 fraud cases have already been reported as a result of the incident.
"These customers have been the victims of a criminal heist. All big businesses must defend their systems from this type of intrusion or risk undermining customer confidence.
"Consumers, meanwhile, need to keep a close eye on their credit card accounts and raise a flag if there are unexpected debits which could be the work of fraudsters. The concern is that with 'fresh' credit card numbers and expiry dates in circulation, crimes may continue to be committed against those unfortunate enough to have had their data stolen," Myroff says.
This is also not a case where credit card details have been entered on a dodgy Web site, but a case where cards have been handed over to a cashier in a store that would normally be trusted to look after data. "Potentially affected consumers should watch their card statements like a hawk, and other businesses should take this as a wake-up call to ensure they have strong security in place to avoid a similar incident happening to them," Myroff says.
Sophos experts note this is not the first time a well-known retail chain has had credit card information stolen.
This hack is not as huge as the TJ Maxx data breach, which exposed up to 100 million credit cards, but is still serious for those who may be affected.
Consumers would do well to heed the advice offered by Sophos to the credit and debit card customers affected by the data breach: carefully review the statements for debit and credit cards for unauthorised transactions. Open statements promptly, and compare receipts to billing statements, Myroff advises.
"If you detect any unauthorised or suspicious use of your card, contact your credit card issuer or issuing bank immediately."
More malware
According to Myroff, among the low to medium malware threats detected this week are a number of Trojans affecting the Windows platform. These include Troj/Banlo-B, Troj/DwnLdr-HBS, and Troj/Killav-EK.
A number of worms are also spreading via removable storage devices and, again, affecting Windows users. These include VBS/Autorun-CE, JS/Autorun-CC, and Sus/Emogen-AB.