Stock futures receive boost; Staples investigates possible data breach; Apple … – The Plain Dealer

In this photo taken Friday, Oct. 17, 2014, Eddy Cue, Apple Senior Vice President of Internet Software and Services, demonstrates the new Apple Pay mobile payment system at a Whole Foods store in Cupertino, Calif. The new system launched on Monday.  

Stock Market Headlines:

Stock futures are getting a boost ahead of the open, indicating investors are feeling calmer after a massive bout of volatility. Dow Jones futures were gaining 84 points, Nasdaq futures were ahead 34.5 points and SP 500 futures were up 12.5 points. (CNN Money)

Many Asian markets ended the day lower after data showed China’s economy grew at its slowest pace for five years. (BBC News)

Brent crude oil held near $86 a barrel today on news of robust Chinese oil demand, although gains were capped by oversupply and concerns over the health of the rest of the global economy. (Reuters)

U.S. Business Headlines:

Staples said late Monday evening it is investigating a possible breach of payment card data and has contacted law enforcement about the matter. (Reuters)

The U.S. government issued an urgent plea to more than 4.7 million people to get the air bags in their cars fixed, amid concern a defect in the devices can possibly kill or injure the driver or passengers. (Associated Press)

Travelers Cos., the only property-casualty insurer in the Dow Jones Industrial Average, said third-quarter profit rose 6.4 percent on investments and lower claims from natural disasters. (Bloomberg News)

Nielsen and Adobe Systems announced an alliance today that aims to measure the viewership of digital video across all Internet-connected platforms. (Reuters)

Technology Headlines:

Apple’s new Apple Pay service is getting major press attention now that it’s finally available to users of the iPhone 6 and iPhone 6 Plus, but you can’t just walk into any store and use it. (Tom’s Guide US)

Even 11 days after he told a group of women to have faith the system will give them “the right raise” and not worry about asking for a higher wage, Microsoft CEO Satya Nadella was still apologizing in San Francisco on Monday. (San Francisco Chronicle)

Former Microsoft and Juniper Networks executive Bob Muglia is taking the wraps off his newest company – Snowflake Computing, an effort to sell data software designed for Internet-based cloud networks. (Bloomberg Businessweek)

British-based chip designer ARM Holdings, whose products are in most smart phones, declined today after results missed analysts’ estimates. (MT Newswires)

World Business Headlines:

Total SA’s Christophe de Margerie died when his airplane struck a snowplow on a Moscow runway, ending a career in which he oversaw the biggest expansion of oil reserves at the French energy giant in at least 15 years. (Bloomberg News)

U.S. commerce secretary Penny Pritzker says American and Japanese negotiators are making progress on the Trans-Pacific Partnership free trade deal. (Voice of America)

United Kingdom public sector finances deteriorated in September, official data showed today. (Investing.com)

China’s gross domestic product growth fell to 7.3 percent in the third quarter, a nice surprise for analysts expecting the figure to be 7.2 percent but still the slowest rate since the depths of the global financial crisis in 2009. (Fortune)

A German court has rejected a bid by Lufthansa to force a union representing the company’s pilots to call off a strike, the latest in a string of walkouts over retirement benefits. (Associated Press)

Article source: http://www.cleveland.com/business/index.ssf/2014/10/stock_futures_receive_boost_st.html

,

No Comments

A Big Mac, a Coke and a data breach — 5 things to know today

Good morning, friends and Fortune readers.

U.S. stocks look set to move higher at Tuesday’s opening bell, as investors digest a raft of earnings from Dow components McDonald’s, Coca-Cola, Verizon and others. Later in the day we’ll hear from Marissa Mayer’s Yahoo. Plus, China posted its slowest economic growth since the financial crisis, and the country’s market was down at the end of trading. Here’s what else you need to know.

1. Big Mac and a Coke, anyone?

Both McDonald’s


MCD



and Coca-Cola


KO



report quarterly earnings today. Both companies have been hurt by changing consumer demand lately, as people are drinking less soda and leaning towards “fast casual” restaurants rather than eating fast food.

Will either company be able to right their ship? Not Coke, which said soda volumes were flat in the third quarter. Earnings and revenue both declined, and the soda maker disclosed a new cost-cutting plan. Separately, McDonald’s said its third-quarter earnings drop was worse than expected and laid out a fix for its deepening sales decline.

2. Who’s moving?

Existing home sales data for September are due out later this morning. They were down last month after four months of steady growth. People selling their homes tend to go out and buy new houses, so a rebound would be a good sign for the economy.

3. Another data breach

Data breaches at large retailers seem to come every day now, and Staples


SPLS



is the latest retailer to announce a breach, according to CNBC. The office supplier hasn’t announced specifics yet, but said credit card data may have been taken.

4. Sad news from Russia

Christophe de Margerie, the CEO of French oil company Total, died when his plane crashed near Moscow. The larger-than-life de Margerie, 63, was on his way back from a meeting between foreign investors and the Russian government when his Dassault executive jet hit a snowplow, killing him and the three crew members on board.

5. Does Marissa Mayer have a miracle?

According to reports, no. Yahoo


YHOO



will report its earnings this afternoon, and it is expected to miss analysts’ expectations as the one-time tech giant continues to disappoint. Could the rumored purchase of video ad company Brightroll change things?

Article source: http://fortune.com/2014/10/21/a-big-mac-a-coke-and-a-data-breach-5-things-to-know-today/

,

No Comments

Are data breaches creating smarter consumers?


Shoppers visit Target on Saturday, Nov. 23, 2013, in New York. Despite signs that the economy is improving, big store chains like Wal-Mart and Kohl’s don’t expect Americans to have much holiday shopping cheer unless they see bold, red signs that offer huge discounts. (AP Photo/Bebeto Matthews)

A slew of recent security breaches — including at household names like Target, Home Depot and JPMorgan Chase–don’t appear to be rattling Wall Street or shoppers.

But they might be leading to smarter consumers, a new survey shows.

Security experts have long cautioned that one of the easiest ways to protect against fraud is to make purchases with a credit card instead of a debit card. The thinking is that when a breach happens, credit card companies can offer a buffer by assuming the losses while the fraudulent purchase is investigated. “If your debit card gets used fraudulently, you’re out real money from a real account,” says Matt Schulz, an analyst for CreditCards.com. “That may not get replaced for two weeks and in the interim you may not have that money to make a rent payment.”

Yet consumers have preferred to use debit over credit, with some young consumers shunning credit cards completely in order to minimize their chances of piling on more debt. Now, at least some consumers may be changing their ways.

Of those who had credit cards, one in eight consumers said they are more likely to shop with credit cards this holiday season in the wake of the recent data breaches, according to a survey released Monday by CreditCards.com. Nearly half of people surveyed, or 48 percent, said they would cut their chances of fraud altogether by paying in cash.

Consumers were divided on how they would treat the retailers that have recent breaches. Forty-five percent of people with credit cards or debit cards said they either definitely would not, or probably would not, shop at retailers that have had a security breach. Forty-one percent of consumers said they would probably still shop at those stores and 11 percent said they definitely would.

Among the least worried consumers were women and higher earners. More than half, 56 percent, of women said they would definitely or probably keep going to those stores. So did 67 percent of consumers who make $75,000 or more.

Cybersecurity has been generating more attention in recent weeks after significant breaches exposed the information of millions of consumers. Even President Obama called on the federal government last week to improve credit card security in light of the recent breaches.

Still, not all breaches lead to fraudulent charges or identity theft. Many banks are proactive about letting customers know when they’ve visited retailers or shops that have been breached, often sending people new cards proactively. The vulnerability of the breach will also depend on the type of information exposed. The JPMorgan breach, for instance, did not involve birth dates or Social Security numbers.

And the biggest issue this holiday season may not be whether consumers are anxious about the purchase they’re making but if they are spending at all. Flat wages and worries about the economy have kept spending down across most retail categories, and it’s not clear when consumers might feel ready to open their wallets again.

Read More:

The reason Americans are spending less

A guide to paying off your student loans

How debt loads are changing for young and old consumers

Article source: http://www.washingtonpost.com/news/get-there/wp/2014/10/20/are-data-breaches-creating-better-consumers/

,

No Comments

Data breach investigated after Irish Water discloses bank details

Irish Water is investigating a data breach after it sent bank details relating to a number of individuals to the wrong people.

The issue emerged after one man tweeted yesterday that the utility had sent his bank information to his landlord.

Paul Keogan, from Dublin, said his landlord had phoned him on Sunday to say he had received a direct debit confirmation from Irish Water in his own name with a bank account that he suspected was Mr Keogan’s.

This was later confirmed to be the case and the details related to the account Mr Keogan had used to set up his direct debit to the utility.

“It was addressed to him sent to his address, but it pertained to the property he rents to me,” Mr Keogan told The Irish Times.

He said he had tried three times to contact Irish Water by phone yesterday but could not get through.

He had tweeted out of exasperation.

Mr Keogan said he was “very annoyed” that his details had been passed on, but was also “livid” that Irish Water had not contacted him.

A spokeswoman for the Data Protection Commissioner confirmed Irish Water had reported the matter under the commissioner’s personal data breach code of practice and that it had been dealt with as a security breach.

“The report concerned the inadvertent disclosure of bank details in respect of a number of individuals.”

The commissioner’s requirements in relation to such matters were that the affected individuals be notified of the matter, advising them of steps they can take to protect themselves.

Secondly, the actual recipients of the letters should be contacted and asked to return the letters to Irish Water and thirdly, the body was required to put in place procedures to prevent a repeat of this type of incident.

“These requirements are being addressed by Irish Water,” the spokeswoman said.

Irish Water said it was aware of this issue and is currently carrying out an investigation.

Separately, the commissioner has formally investigated three complaints from individuals in relation to Irish Water. These complaints related to a previous data security breach Irish Water had notified to the office.

Last month, Irish Water apologised to over 6,300 customers after it sent them letters with data relating to other individuals.

The spokeswoman for the Data Protection Commissioner confirmed the office had received “a large number” of inquiries from members of the public in relation to Irish Water’s processing of personal data generally, particularly in relation to the use of PPS numbers.

She said it had engaged with Irish Water “to clarify certain matters in order to assist us to respond to these inquiries”.

“Our engagement with Irish Water is continuing and we have strongly encouraged Irish Water to provide as much information as possible to the public in relation to how their information will be processed.”

Article source: http://www.irishtimes.com/news/ireland/irish-news/data-breach-investigated-after-irish-water-discloses-bank-details-1.1971697

,

No Comments

Staples Warns of Possible Card Data Breach

Office-supply chain Staples may be the latest retailer to be hacked.

The company said late Monday it is investigating a possible card data breach, following weeks after the large attack on credit-card terminals at Home Depot, which itself followed breaches at chains including Target Corp. and Neiman Marcus Group.

“Staples is in the process of investigating a potential issue involving credit card data and has contacted law…

Article source: http://online.wsj.com/articles/staples-warns-of-possible-card-data-breach-1413858978

,

No Comments

Staples Investigating Possible Payment Card Data Breach

Staples Inc is investigating a possible breach of payment card data and has contacted law enforcement about the matter, making it the latest U.S. retailer to become a possible victim of a cyberattack. “Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement,” company spokesman Mark Cautela said in a statement late Monday.

The office-supply retailer disclosed the investigation after security reporter Brian Krebs reported on his blog Krebsonsecurity.com that several banks have identified a pattern of payment card fraud suggesting that several Staples stores in northeastern United States had succumbed to a data breach.”We take the protection of customer information very seriously, and are working to resolve the situation,” Cautela said. “If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.” Staples did not provide additional details of the data breach.

IN-DEPTH

– Reuters

Article source: http://www.nbcnews.com/tech/security/staples-investigating-possible-payment-card-data-breach-n230416

,

No Comments

Staples Investigates Potential Data Breach In The Northeast

On Monday afternoon, Staples Staples announced that the Staples App would now support Apple Pay–Apple’s Apple’s new mobile payment system that some say will eventually make credit cards obsolete. Just a few hours later, Staples confirmed that the retailer is investigating a potential credit and debit card breach at some locations.  This news comes just over a week since Kmart joined a long line of retailers who have suffered credit card breaches this year.

Brian Krebs first reported the potential breach at Staples. According to Krebs, fraud patterns observed by several banks suggest that some Staples stores in the Northeast have been hit with a data breach–including “seven Staples stores in Pennsylvania, at least three in New York City, and another in New Jersey.” While Staples has stores around the nation, there is not yet evidence that the breach extends outside the Northeast, according to Krebs’ sources at different banks.

Staples has confirmed that it is investigating a potential breach, but has not commented beyond a short statement. “Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement,” said Staples Senior Public Relations Manager Mark Cautela. “We take the protection of customer information very seriously, and are working to resolve the situation. If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.”

From massive breaches at Home Depot and Target to smaller breaches as a variety of retailers and food chains, many credit card breaches at retailers happen as a result of malware attached to card payment terminals, which allows hackers to steal credit card numbers upon swiping.

But the days of swiping credit cards may be coming to an end. Mobile payment systems like Apple Pay and Google Google Wallet are removing the need for a physical credit card when making payments in stores. And even without mobile payments, card swiping may begin to be obsolete in the United States in as little as a year’s time thanks to new EMV chip-and-PIN card technology. The rest of the world has already largely implemented chip payment cards, which contain a microchip and are inserted into a slot rather than swiped, but the United States has lagged behind while bearing the brunt of world’s credit card fraud. By October 2015, retailers in the United States will have start using EMV cards or be personally held financially liable for any credit card fraud–a burden that currently falls on banks.

 

 

Follow me on Twitter at @kate_vinton.

Article source: http://www.forbes.com/sites/katevinton/2014/10/20/staples-investigates-potential-data-breach-to-northeast-locations/

,

No Comments

Google Adds Hardware Security Key For Account Protection

Article source: http://threatpost.com/google-adds-hardware-security-key-for-account-protection/108943

No Comments

Staples confirms data breach investigation

Thank you

Your message has been sent.

Sorry

There was an error emailing this page.

  • Hacking stealing password data.

  • kmart storefront

  • dairy queen grill chill sign

staples store

Credit:

Anthony92931

In a statement, company stresses that they’re working to resolve the situation

By Steve Ragan

CSO |

Oct 20, 2014 7:05 PM
PT

“;
placementDiff = applyInsert($(this), adDivString);
if (debug) {
console.log(“Just placed an ad and the placementDiff is: ” + placementDiff);
}
placementTarget = cumulativeHeight + placementDiff + interModuleHeight + adHeightBuffer;
}
else {
var moduleDivString = “”;
var elementId = “drr-mod-”+moduleCounter;
moduleDivString = “”;
modules.push(elementId);

placementDiff = applyInsert($(this), moduleDivString);
if (debug) {
console.log(“Just placed a module and the placementDiff is: ” + placementDiff);
}
placementTarget = cumulativeHeight + placementDiff + interModuleHeight + moduleHeightBuffer;
moduleCounter++;
}
loopCounter++;
}
// Avoid placing elements too soon due to non-large figures inflating the cumulative height
if ($(this).is(“figure”) !$(this).is(“figure.large”)) {
cumulativeHeight += grafHeight;
}
else {
cumulativeHeight += $(this).height() + grafHeight;
}
}
});

// clone Related Stories module m-15 to come in after 2nd para in article body for mobile breakpoint display
var $relatedStories = $(‘.related-promo-wrapper’);
if ($relatedStories.length) {
var $relatedStoriesClone = $relatedStories.clone();
$relatedStoriesClone.insertAfter( “#drr-container p:eq(1)”);
}

var $insiderPromo = $(‘.insider-promo-wrapper’);
if ($insiderPromo.length) {
var $insiderPromoClone = $insiderPromo.clone();
$insiderPromoClone.insertAfter( “#drr-container p:eq(1)”);
}

//place left side element
cumulativeHeight = 0;
var leftPlacementTarget = tagHeight = leftPlacementTarget) {
if (debug) {
console.log(“congratulations… we’ve passed the initial start point”);
}
if (leftPlacementIndex == null) {
//it’s not good enough to not be a left avoid – it also shouldn’t be a

with an immediately preceding small or medium image left avoid.
if (!isLeftAvoid($(this)) noPrevFigures($(this)) ) {
leftPlacementIndex = $(this).index();
$leftPlacementElement = $(this);
leftPlacementLookaheadStart = cumulativeHeight;
if (debug) {
console.log(“is not a left avoid and no prev figures. ########## set placementIndex (“+leftPlacementIndex+”) and lookaheadStart (“+leftPlacementLookaheadStart+”) ##########”);
}
} else {
if (debug) {
console.log(“is a left avoid or has previous figures. continue”);
}
}
} else {
if (debug) {
console.log(“#### leftPlacementIndex already set to “+leftPlacementIndex+”. looking ahead…”);
}
//not null; has been set
if ((cumulativeHeight – leftPlacementLookaheadStart) leftIntervalHeight) {
if (debug) {
console.log(“###### THRESHOLD REACHED. LOOKAHEAD COMPLETE. END ###### (cumulativeHeight – leftPlacementLookaheadStart) (“+(cumulativeHeight-leftPlacementLookaheadStart)+”) leftIntervalHeight (“+leftIntervalHeight+”).”);
}
return false;
} else {
if (debug) {
console.log(“threshold not reached: (cumulativeHeight – leftPlacementLookaheadStart) (“+(cumulativeHeight-leftPlacementLookaheadStart)+”) tags
if (!(isLeftAvoid($(this)) ($(this).hasClass(‘small’) || $(this).hasClass(‘inline-small’) || $(this).hasClass(‘medium’) || $(this).hasClass(‘inline-medium’) || $(this).hasClass(‘apart’) ))) {
cumulativeHeight += $(this).height() + grafHeight;
}
if (debug) {
console.log(“——————– set cumulativeHeight(“+cumulativeHeight+”) —————”);
console.log(“”);
}
}
});
}

if (leftPlacementIndex != null elementNotNearEnd($leftPlacementElement, leftPixelWindow)) {
if (debug) {
console.log(” insert into index “+leftPlacementIndex);
}
$(“#drr-container”).children().eq(leftPlacementIndex).before(“

“);
}

IDG.GPT.trackOmniture();

// Add Right rail module content
for (var i=0; i= 0) {
var a = document.createElement(‘a’);
a.href = document.referrer;
var uriParts = a.pathname.split(‘/’);
a = ”;
if (typeof uriParts[3] == ‘undefined’) {
epoParams += “typeId=” + defaultTypeId + “referrer=home”; // default is ‘home’ behavior
}
else {
var refCatSlug = uriParts[3];
epoParams += “catSlug=” + refCatSlug + “referrer=article”;
}
}
// From SEARCH: Show article with catId same as current article
else if (document.referrer.indexOf(“google”) = 0 || document.referrer.indexOf(“yahoo”) = 0 || document.referrer.indexOf(“bing”) = 0) {
var categories = [3346, 3302, 3303];
if (categories instanceof Array categories.length 0) {
var primaryCatId = categories[0];
epoParams += “catId=” + primaryCatId + “referrer=search”;
}
else {
epoParams += “typeId=” + defaultTypeId + “referrer=home”; // default is ‘home’ behavior
}
}
// Default is to show like coming from homepage
else {

epoParams += “typeId=” + defaultTypeId + “referrer=home”;
// default is ‘home’ behavior
}
return epoParams;
}

/**
* @param jqo Original jquery object target
* @param divString The div to be inserted.
* @return Difference in height between original placement target and final target.
* Checks first 6 elements for an allowable placement (600 pixel window).
* If none, check nearby for elements that are not right avoids.
* If none, place element before current target.
*/
function applyInsert(jqo, divString) {
if (debug) {
console.log(“applyInsert at top and jqo index is: ” + jqo.index());
}

for (var i=0; i 0) {
children = $(“#drr-container”).children().slice(jqo.index(), allowElement.index() );
}
else {
children = $(“#drr-container”).children().slice(allowElement.index(), jqo.index());

}
if (children != null) {
children.each(function(i) {
if (debug) {
console.log(“About to add this element’s height to heigh diff offset”);
console.log($(this));
}
height += $(this).height() + grafHeight;
});
}
if (offset 300) {
if (debug) {
console.log(“isRightAvoid: found pre. return true”);
}
return true;
}
if (jqo.is(“figure”) jqo.hasClass(‘large’)) {
if (debug) {
console.log(“isRightAvoid: found figure.large return true”);
}
return true;
}
if (jqo.is(“figure”) jqo.hasClass(‘medium’) jqo.hasClass(‘inline’)) {
if (debug) {
console.log(“isRightAvoid: found figure has class medium and inline.”);
}
return true;
}

if (jqo.is(‘div’) jqo.hasClass(‘table-wrapper’)) {
if (debug) {
console.log(“isRightAvoid: found div with class table-wrapper”);
}
return true;
}
if (jqo.is(‘aside’)) {
if (jqo.hasClass(‘sidebar’) !jqo.hasClass(‘medium’)) {
if (debug) {
console.log(“isRightAvoid: found aside with class sidebar, without class medium”);
}
return true;
}
if (jqo.hasClass(‘statsTable’)) {
if (debug) {
console.log(“isRightAvoid: found aside with class statsTable”);
}
return true;
}
}
if (jqo.hasClass(‘download-asset’)) {
if (debug) {
console.log(“isRightAvoid: found class download-asset return true”);
}
return true;
}
if (jqo.hasClass(‘tableLarge’)) {
if (debug) {
console.log(“isRightAvoid: found class tableLarge return true”);
}
return true;
}
if (jqo.hasClass(‘reject’)) {
if (debug) {
console.log(“isRightAvoid: found class reject. return true”);
}
return true;
}
if (jqo.is(‘table’) jqo.hasClass(‘scorecard’)) {
if (debug) {
console.log(“isRightAvoid: found div with class scorecard”);
}
return true;
}
}
return false;
}

// Return true if element has class ‘reject’: will not place drr modules/ads next to these elements
function isRightReject(jqo) {
console.log(“in isRightReject”);
if (jqo != null) {
if (jqo.hasClass(“reject”)) {
if (debug) {
console.log(“isRightReject: found ‘reject’ class”);
}
return true;
}
return false;
}
return false;
}

// Returns true if height of all elements after this one is more than 500; false otherwise
function elementNotNearEnd(element, pixelWindow) {
if (pixelWindow == null) {
pixelWindow = 500;
}
if (element == null) {
return false;
}
var remainingHeight = 0;
var children = $(“#drr-container”).children().slice(element.index());
if (children == null) {
return false;
}
children.each(function(i){
remainingHeight += $(this).height();
});
if ( remainingHeight pixelWindow) {
return true;
}
else {
if (debug) {
console.log(“Element too close to end. Remaining height is: ” + remainingHeight + ” and window is ” + pixelWindow);
}
return false;
}
}

/**
* Return true if need to avoid this element when placing left module.
*/
function isLeftAvoid(jqo) {
if (jqo.is(“figure”)) {
if (debug) {
console.log(“isLeftAvoid: found figure. return true”);
}
return true;
}
if (jqo.is(“aside.pullquote”)) {
if (debug) {
console.log(“isLeftAvoid: found pullquote. return true”);
}
return true;
}
if (jqo.is(“pre”)) {
if (debug) {
console.log(“isLeftAvoid: found pre. return true”);
}
return true;
}
if (jqo.is(“div.gist”)) {
if (debug) {
console.log(“isLeftAvoid: found github code block. return true”);
}
return true;
}

if (jqo.is(“aside”) jqo.hasClass(“sidebar”) jqo.hasClass(“medium”)) {
if (debug) {
console.log(“isLeftAvoid: found medium sidebar. return true”);
}
return true;
}

if (jqo.hasClass(“statsTable”)) {
if (debug) {
console.log(“isLeftAvoid: found class statsTable. return true”);
}
return true;
}
return false;
}

/**
* return true if there are no figures before the target placement that might bleed down into placement element
*/
function noPrevFigures($originalTarget) {
var targetIndex = $originalTarget.index();
var numElementsLookBack = 5;
var figureIndex = null;
var figureHeight = null;
var startIndex = targetIndex – numElementsLookBack

Monday evening, investigative journalist Brian Krebs reported that multiple banking sources were seeing a pattern of credit and debit card fraud. The common thread between each case were purchases made at Staples Inc. stores in the Northeastern U.S.

There isn’t a lot to go on if in fact the latest retailer to be breached is Framingham, Mass.-based Staples Inc.

What’s known for sure comes from the sources that spoke on background to Krebs. They said the fraudulent transactions were traced to cards that made purchases at Staples stores in Pennsylvania, New York City, and New Jersey.

In a statement to Salted Hash, Mark Cautela, Senior Public Relations Manager for Staples Inc., said that the company is investigating a potential issue involving credit and debit card data, and that law enforcement has been contacted.

When asked for additional details, Cautela declined further comment.

“Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement. We take the protection of customer information very seriously, and are working to resolve the situation. If Staples discovers an issue, it is important to note that customers are not responsible for any fraudulent activity on their credit cards that is reported on a timely basis.” – Mark Cautela, Senior Public Relations Manager, Staples

Given the pattern in recent months, it’s possible that Staples has fallen victim to Backoff, a malware family that targets POS systems, or a similar variant.

Backoff entered the public eye earlier this summer, after the U.S. Secret Service issued a warning to retailers. The attackers installed Backoff after locating poorly protected instances of remote management software, such as LogMeIn, or similar services from Microsoft, Apple, or Chrome.

At the time, some 600 businesses were victimized by the malicious code, but that number was expected to increase.

Since then, Home Depot, Target, Dairy Queen, Kmart, and others have been victimized by POS malware, including Backoff, BlackPOS, vSkimmer, or TriForce.

This story will be updated as the situation develops.

  • socengentry

  • clean desk



CSO provides news, analysis and research on security and risk management




Article source: http://www.csoonline.com/article/2836294/data-breach/staples-confirms-data-breach-investigation.html

,

No Comments

How can data breaches be stopped?

It seems like every week we’re hearing about some new data breach involving a major business or corporation. Many New Jerseyans are wondering if this problem will continue to get worse, or if something can be done about it.


Cyber-security symposium at Kean University. (David Matthau, Townsquare Media NJ)

“Cyber-security continues to be a huge challenge and part of the problem is the threat landscape continually changes, every time a new piece of software is introduced or other technology is introduced it creates certain vulnerabilities,” said James Mottola, special agent in charge of the Secret Service Newark Field Office, during a cyber-security symposium in Union.

Mottola said “those vulnerabilities are often exploited by folks that are looking to monetize, in one way shape or form, the exfiltration or the sale of data, and in particular financial data.”

In addition to stealing from big corporations, Mottola says cyber crooks are also stealing information from individuals, by tricking them into “opening up an email, clicking on a link that can be malicious and loading certain malware onto computer systems – so it’s critically important to continue to educate people in the public sector about all of the schemes that are out there.”

He said while it may be impossible to stop all breaches from taking place, the situation can be improved.

“For small businesses in particular, they need to look at some of these IT professionals for services that can help them protect their data, because it’s not their core business,” Mottola said.

He said officials are trying to encourage companies to “partition” information online, and then quickly respond if, and when, a breach takes place.

“Businesses have gotten much better at detecting when their systems have been infiltrated and responding to that and I think that’s an evolution, I think we’ll continue to see that. There are best practices that companies can follow to reduce the risk,” he said.

Assemblyman Jon Bramnick, (R-Westfield) who organized the symposium, said part of the current problem is that businesses are afraid to discuss cyber theft, because they’re nervous it will hurt their sales.

“If you mention that a business is under attack it may affect consumer confidence in that business; they may not shop there,” he said.

Bramnick said he understands there are some things we shouldn’t talk about in a public forum, but to not have any discussion about the topic because we’re afraid “is a big mistake.”

He added if companies won’t voluntarily share this information with the state office of Homeland Security, “then we may have to require disclosure when a business is attacked in New Jersey, we may have to legislate it.”

New Jersey Homeland Security Director Chris Rodriguez said cyber-security is something we all need to play a part in.

“We have adversaries out there who are interested in gathering data and information from our networks for nefarious purposes,” Rodriguez said.

He said said his Office is working to branch the technical, analytical and communication gaps between local and federal authorities, facilitate information-sharing with the private sector and engage citizens “to practice better cyber-hygiene.”

Article source: http://nj1015.com/how-can-data-breaches-be-stopped/

,

No Comments