The Green Sheet, Inc


How the Grinch Stole Credit Cards

 

The Grinch struck hard during the height of the holidays by hacking Egghead servers and stealing as many as 3.7 million credit cards. Meanwhile, the FBI continues to investigate a mid-December extortion attempt in which 55,000 credit card numbers were stolen from creditcards.com.

When the hacker did not receive the $100,000 he demanded from creditcards.com, he posted credit card numbers online for about two days. That information has since been removed from the Web by the FBI’s “Cyber Squad.”

Following the breach, creditcards.com sent e-mail to its merchants informing them that hackers had contacted the company a few months ago. The e-mail said the hackers appeared to be from Russia and that they threatened to post the credit card information unless the extortion fee was paid. The company immediately adopted a policy that it would neither cooperate with hackers nor pay extortion money. Instead, creditcards.com has hired security consultants to improve its ability to protect data, has undergone a security audit, and has been cooperating with authorities. While the hacker claimed to have stolen 55,000 numbers, creditcards.com states that many of the numbers were test numbers and that the actual number is lower.

“It was an act of retribution,” said Laurent Jean, a spokesman for creditcards.com. “He was angry with us, and this was the way he took out his anger...After (he asked) us for money, we did everything we could to prevent him from entering our system.”

About two weeks later, in another security breach that may or may not be linked to the creditcards.com incident, a flood of consumers complained that their cards were charged without their permission. The amounts were usually less than $20 and in many cases were charged by Russian-based companies. Since the amounts were relatively low, some cardholders may not even have noticed them.

It is not known whether the creditcards.com breach and these charges are related, because there are indications that yet another database of three million credit cards was breached in December as well. This breach allegedly involved a bogus adult site that charged $10 per card, the thieves evidently hoping the transaction would either be overlooked or cause too much embarrassment to protest.

These incidents illustrate that posting credit card numbers on the Internet is surely a genuine security breach; however, it is generally nothing more than a nuisance for consumers, who must cancel their cards, get new ones issued, and go over statements with a fine-tooth comb. Those most affected by these incidents are the targeted businesses and their merchants. They must cancel charges, reimburse funds if necessary, regain trust, and work to prevent future problems.

Security breaches such as these, and similar problems suffered by CD Universe, Western Union and Egghead, point out that security risks in e-tailing lie less in the transmission of credit card numbers than in data storage. Databases storing credit card numbers and personal data are a mother lode for hackers.


© Copyright 2001;   The Green Sheet, Inc.