Limo Company Hack Exposes Juicy Targets, 850k Credit Card Numbers

tsu doh nimh writes "A compromise at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities. Krebsonsecurity.com writes about the break-in, which involved the theft of information on celebrities like Tom Hanks and LeBron James, as well as lawmakers such as the chairman of the U.S. House Judiciary Committee. The story also examines the potential value of this database for spies, drawing a connection between recent personalized malware attacks against Kevin Mandia, the CEO of incident response firm Mandiant. In an interview last month with Foreign Policy magazine, Mandia described receiving spear phishing attacks that spoofed receipts for recent limo rides; according to Krebs, the info for Mandia and two other Mandiant employees was in the stolen limo company database."

Hold Them Responsible

[Jane+Q.+Public]

When are corporations going to be held responsible for the security of their customers' information?

If things like credit card information are stored in cleartext, the corporation doing it should be fined and the people responsible prosecuted if there is a leak. It's just gross irresponsibility, for which nobody has seemed to get punished.

That needs to change.

Re:Hold Them Responsible

[andyjb]

They are resposible - if they have been deemed to be in breach of PCI compliance, they will not be granted "safe harbour" by their issuing bank / {AMEX, Visa, MC}. In a nutshell it means that they will find it more expensive to do business from now on. It does often happen however that a business will decide that being PCI compliant is more expensive than the fines...

850K

[pr0t0]

Also known as a list of 850,000 people making a hell of a lot more than I do.