How the Grinch Stole Credit Cards
The Grinch struck hard during the height of the holidays by hacking Egghead servers
and stealing as many as 3.7 million credit cards. Meanwhile, the FBI continues
to investigate a mid-December extortion attempt in which 55,000 credit card
numbers were stolen from creditcards.com.
When the hacker did not
receive the $100,000 he demanded from creditcards.com, he posted credit card
numbers online for about two days. That information has since been removed from
the Web by the FBI’s “Cyber Squad.”
Following the breach,
creditcards.com sent e-mail to their merchants informing them that hackers had
contacted them a few months ago. The e-mail said the hackers appeared to be from
Russia and that they threatened to post the credit card information unless the
extortion fee was paid. The company immediately adopted a policy that it would
neither cooperate with hackers nor pay extortion money. Instead, creditcards.com
hired security consultants to improve its ability to protect data, has undergone
a security audit, and has been cooperating with authorities. While the hacker
claimed to have stolen 55,000 numbers, creditcards.com states that many of the
numbers were test numbers and that the actual number is lower.
“It was an act of retribution,” said Laurent Jean, a spokesman for
creditcards.com. “He was angry with us, and this was the way he took out his
anger... After (he asked) us for money, we did everything we could to prevent
him from entering our system.”
About two weeks later, in
another security breach that may or may not be linked to the creditcards.com
incident, a flood of consumers complained that their cards were charged without
their permission. The amounts were usually less than $20 and in many cases were
charged by Russian-based companies. Since the amounts were relatively low, some
cardholders may not even have noticed them.
It is not known whether the creditcards.com breach and these charges are related
because there are indications that yet another database of three million credit
cards was breached in December as well. This breach allegedly involved a bogus
adult site that charged $10 per card—the thieves evidently hoping the
transaction would either be overlooked or cause too much embarrassment to
protest.
These incidents illustrate that posting credit card numbers on the Internet is
certainly a real security breach; for consumers, however, it is generally
nothing more than a nuisance, since they must cancel their cards, get new ones
issued, and go over statements with a fine-tooth comb. Those most affected by
these incidents are the targeted
businesses and their merchants. They must cancel charges, reimburse funds if
necessary, regain trust, and work to prevent future problems.
Security breaches such as
these, and similar problems suffered by CD Universe, Western Union and Egghead,
point out that security risks in e-tailing lie less in the transmission of
credit card numbers than in data storage. Databases storing credit card numbers
and personal data are a mother lode for hackers.
© Copyright 2001; The Green Sheet, Inc.