Slashdot Mirror


Limo Company Hack Exposes Juicy Targets, 850k Credit Card Numbers

tsu doh nimh writes "A compromise at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities. Krebsonsecurity.com writes about the break-in, which involved the theft of information on celebrities like Tom Hanks and LeBron James, as well as lawmakers such as the chairman of the U.S. House Judiciary Committee. The story also examines the potential value of this database for spies, drawing a connection between recent personalized malware attacks against Kevin Mandia, the CEO of incident response firm Mandiant. In an interview last month with Foreign Policy magazine, Mandia described receiving spear phishing attacks that spoofed receipts for recent limo rides; according to Krebs, the info for Mandia and two other Mandiant employees was in the stolen limo company database."


  1. Hold Them Responsible by Jane Q. Public · · Score: 3, Interesting

    When are corporations going to be held responsible for the security of their customers' information?

    If things like credit card information are stored in cleartext, the corporation doing it should be fined and the people responsible prosecuted if there is a leak. It's just gross irresponsibility, for which nobody has seemed to get punished.

    That needs to change.

    1. Re:Hold Them Responsible by andyjb · · Score: 3, Interesting

      They are responsible - if they have been deemed to be in breach of PCI compliance, they will not be granted "safe harbour" by their issuing bank / {AMEX, Visa, MC}. In a nutshell it means that they will find it more expensive to do business from now on. It does often happen however that a business will decide that being PCI compliant is more expensive than the fines...

    2. Re:Hold Them Responsible by TheNastyInThePasty · · Score: 5, Insightful

      Having YOUR stuff stolen kind of is the fine. Your analogy doesn't work because in this case, it's not the company's information that was stolen. It was their customers'. A bank is a closer analogy but even that doesn't work. I'm pretty sure the bank will compensate you if the contents of your security box are stolen due to their poor security practices.

      With this company and the recent Adobe breach, there's no compensation for their customers who had their data stolen. The company gets to just go "Well shucks, I'm sorry guys." Meanwhile, their customers have been exposed to possible identity theft or fraud and they're the ones who have to deal with the consequences.

      A couple of years ago, my social security number was stolen from a local university that I took a summer class at. My parents then subscribed to one of those identity theft protection services. Were we ever compensated for the service fees needed to protect my identity? Nope. Would I have been compensated if someone stole my identity and destroyed my credit for life? Nope.

      That's the problem.

      --
      The best thing about UDP jokes is I don't care if you get them or not
    3. Re:Hold Them Responsible by Deadstick · · Score: 5, Funny

      I'll believe they're people when Texas executes one.

  2. St Louis in the House!!!! by turp182 · · Score: 3, Funny

    Hey, I have to take every chance I get to promote my hometown, and that's where this company is based.

    A coworker of mine knows someone that used to work for the company, it sounds like they used a custom (homebrew) encryption scheme for the passwords. This could be incorrect, the guy hasn't worked there in a couple of years.

    Anyway, we didn't win the World Series, but apparently we can give you Tom Hanks' credit card info...

    --
    BlameBillCosby.com