Slashdot Mirror
Card Data Stolen From 5 Million Saks and Lord & Taylor Customers (nytimes.com)
Hudson's Bay said on Sunday that data from card payments in some of its Saks and Lord & Taylor stores in North America had been compromised. From a report: A well-known ring of cybercriminals has obtained more than five million credit and debit card numbers from customers of Saks Fifth Avenue and Lord & Taylor, according to a cybersecurity research firm that specializes in tracking stolen financial data. The data, the firm said, appears to have been stolen using software that was implanted into the cash register systems at the stores and that siphoned card numbers until last month. The Hudson's Bay Company, the Canadian corporation that owns both retail chains, confirmed on Sunday that a breach had occurred.
"We have become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America," the company said in a statement. "We have identified the issue, and have taken steps to contain it. Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring."
"We have become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America," the company said in a statement. "We have identified the issue, and have taken steps to contain it. Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring."
Why are credit card numbers even available on an internet facing DB?
Because convenience is more important than security. If you return an item to a store they can just scan your receipt and issue a credit to your card.
The CEO of these companies are going to have to face some prison time.
No, that is not the solution. America already imprisons far more people than any other country, four times more than China, Russia, or Iran. If we are going to start imprisoning people for incompetence, we will need to vastly expand our already bloated prison system and raise taxes to pay for that.
I understand that it feels good to say "lock em up" every time we have a social problem, but if you think that is actually "the" solution, then you need to grow up.
Here is the solution: Get rid of the idiotic CC system that relies on the same information being both widely known and secret. There is no way that mere knowledge of a CC# and exp-date should be enough to use it to buy stuff. The CVV helps a little, but not much since it is printed on the card. . These CEOs didn't design this retarded system. The bankers did. How about we lock them up?