Incident Highlight - Virtual Heist Nets 500,000+ Bank, Credit Accounts
Sat, 01 Nov 2008 08:08:47 -0700
http://voices.washingtonpost.com/securityfix/2008/10/virtual_bank_heist_nets_500000.htmlA single cyber crime group has stolen more than a half million bank, credit and debit card accounts over the past two-and-a-half years using one of the most advanced strains of computer spyware in existence, according to research to be published today. The discovery is among the largest stolen data caches ever recovered.
Researchers at RSA's FraudAction Research Lab unearthed the massive trove of purloined data while tracking the activities of a family of spyware known as the "Sinowal" Trojan, designed to steal data from Microsoft Windows PCs.
RSA investigators found more than 270,000 online banking account credentials, as well as roughly 240,000 credit and debit account numbers and associated personal information on Web servers the Sinowal authors were using to set up their attacks. The company says the cache was the bounty collected from computers infected with Sinowal going back to February 2006.
"Almost three years is a very, very long time for just one online gang to maintain the lifecycle and operations in order to utilize just one Trojan," said Sean Brady, manager of identity protection for RSA, the security division of EMC. "Only rarely do we come across crimeware that has been continually stealing and collecting personal information and payment card data, and compromising bank accounts as far back as 2006."
To subscribe OSF's Data Loss Mail List, send a mail to:
dataloss-subscribe@datalossdb.org
Support OSF Data Loss
OSF needs your support! You can support OSF's DataLossDB in several ways, such as contributing news articles about data loss incidents or by updating older incidents as new information becomes available. Financial donations, which will support hosting, hardware upgrades, and advertising are also appreciated. If you wish to make a donation, please do so via the Google checkout link below.
About OSF Data Loss
DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The effort is now a community one, and with the move to Open Security Foundation's DataLossDB.org, asks for contributions of new incidents and new data for existing incidents. For any questions about this site or the data contained within the site, please contact curators@datalossdb.org.
Latest Incidents
| records | date | organizations |
|---|---|---|
| 10,000 | 2008-11-18 | British National Party |
| 0 | 2008-11-18 | Randall Martin Homes |
| 7,800 | 2008-11-15 | Trapeze |
| 344,482 | 2008-11-12 | University of Florida College of Dentistry |
| 1,000 | 2008-11-10 | Sinclair Community College |
| 1,430 | 2008-11-07 | Texas A&M University-Corpus Christi |
| 1,100 | 2008-11-07 | Plymouth County Correctional Facility |
| 0 | 2008-11-07 | Christus Health Care |
| 75 | 2008-11-06 | Express Scripts |
| 21,000 | 2008-11-06 | Harvard Law School |
Search
Largest Incidents
| records | date | organizations |
|---|---|---|
| 94,000,000 | 2007-01-17 | TJX Companies Inc. |
| 40,000,000 | 2005-06-19 | CardSystems, Visa, MasterCard, American Express |
| 30,000,000 | 2004-06-24 | America Online |
| 26,500,000 | 2006-05-22 | U.S. Department of Veterans Affairs |
| 25,000,000 | 2007-11-20 | HM Revenue and Customs, TNT |
| 17,000,000 | 2008-10-06 | T-Mobile, Deutsche Telekom |
| 12,500,000 | 2008-05-07 | Archive Systems Inc, Bank of New York Mellon |
| 11,000,000 | 2008-09-06 | GS Caltex |
| 8,637,405 | 2007-03-12 | Dai Nippon Printing Company |
| 8,500,000 | 2007-07-03 | Certegy Check Services Inc, Fidelity National Information Services |