Data Breach Ripples: Week of October 30

Posted by Zach Walker on Oct 30, 2015 1:30:00 PM
Find me on:


In this week's issue,  EMV Adoption in the U.S. is suffering, TalkTalk is the latest organization to be breached, the FBI recommends that Ransomware victims pay up, a former Apple employee is accused of selling fake payment cards and for our Rippleshot content, we take a look back at th month of October and see how we've fared with the post-EMV shift.

report: emv adoption suffering from lack of education

The United States is the last developed country in the world to adopt the EMV standard for payment cards. According to a new report, EMV adoption is progressing at a much slower pace for consumers due to a lack of education. Payment solution provider Ingenico, released its findings at this year’s Money20/20 conference highlighting some key stats surrounding EMV adoption in the U.S. While 60 percent of U.S. cardholders have received EMV cards from their financial institution or card issuer. However, only 48 percent of those have used their EMV card correctly by ‘dipping’ the card into the Point of Sale (POS) terminal to complete a transaction. Of all the surveyed cardholders that received educational materials along with their new EMV card, only 27 percent noted that the information was helpful in making future transactions.

To learn more about the key findings in this report, click here.

talktalk payment breach could cost millions

British phone and broadband provider TalkTalk is the latest company to be a victim of a data breach. Last Friday, TalkTalk issued a statement that its Web site had been hacked and an unknown number of its four million customers may have had their personal and payment information compromised. Since the intrusion, the company has received a ransom demanding approximately $122,000 in Bitcoin, or the list of stolen information will be published online. Even if the ransom is paid by TalkTalk, it appears that the stolen information may still be released. Postings have been found on an underground market forum, indicating that TalkTalk customer data will be available for purchase at a future date. Now, we wait and see if those responsible for the hack ever planned on negotiating with TalkTalk.

FBI recommends that victims of ransomware pay up

At this year’s Cyber Security Summit in Boston, an assistant special agent with the FBI weighed in on cyberattacks involving ransomware attacks which often target businesses and individuals. Assistant Special Agent Joseph Bonavolonta told a group of security professionals that the FBI recommends that victims of ransomware pay the ransom instead of trying to catch those responsible for the hack. First reported by SecurityLedger, the bureau believes that victims of ransomware attacks may not be able to get their stolen data back or prevent the data from being published, without paying the ransom. The FBI reassured attendees that they are still their to protect victims of ransomware-style attacks and bring the perpetrators to justice.

When asked for more clarification on the bureau’s stance on ransomware, Agent Bonavolonta kept it simple, “The ransomware is that good.”

apple employee accused of selling fake credit, Debit cards

A former Apple employee in New York is accused of selling fake credit and debit cards after being charged with a number of crimes. A Queens, New York resident has been charged with grand larceny and a list of other crimes after an internal investigation took place at Apple’s Queens Center Mall location. According to the charges against the former employee, the suspect allegedly loaded Apple gift cards with money from stolen credit and debit cards, to later sell to a third-party vendor. The total value of the gift cards was $997,000 and at the time of the suspect’s arrest, 51 American Express and Visa gift cards were found with re-encoded credit card information.

According to a police report, the suspect was paid $200 for each $2,000 gift card that was provided to the third-party vendor.

Rippleshot Content: one month into emv - Where do we stand?

For this week’s Rippleshot content, we recap the past month since the shift to EMV-enabled cards began here in the United States on October 1. Leading up until the EMV deadline, there had been a growing concern over whether or not merchants would be EMV-compliant in time. There have been new reports and surveys that indicate that large numbers of consumers are still without their EMV payment cards, and for the consumers that do, there is a lack of education on EMV from their card issuers. We will cover everything from a press release issued by the FBI and consumer education on this payment technology to the non-compliance fees that merchants will be stuck with if their business is slow to adopt EMV-enabled point-of-sale terminals.

Click here to read more.


New Call-to-action  

Topics: Data Breach Ripples