You are here

Payment Data Breaches

Unauthorized access to bank card details may cause a serious damage to its holder, who may end up with all the money being withdrawn by criminals. This is a digest of payment data leaks prepared by InfoWatch Analytical Center.

As part of a notorious incident, hackers stole personal and financial details of customers of UK’s largest airline British Airways, who made bookings on its website (ba.com) between August 21 and September 5, thus compromising around 380,000 card transactions, airline's spokesperson said. The company advised the affected customers to contact their banks and follow their instructions.

U.S. food truck chain Foosackly’s warned customers of a data breach in its payment system. According to the company, attackers exploited a vulnerability in its vendor’s payment app to install a malware on Foosackly’s point-of-sale system. The company estimated that approximately 165,000 customers dined at affected locations while the exploit was conducted.

In India, the details of more than 150,000 credit and debit card users of seven banks across 13 states leaked to online fraudsters. According to experts, criminals obtained one-time passwords from people through social engineering techniques and used money from their credit and debit cards to top up a digital wallet. Then the hackers made purchases on a fake online store, with money being transferred from the digital wallet to their bank accounts linked to the fake store website. Another criminal group created a fake call center and managed to get the first eight digits of debit and credit cards to then dupe holders of Visa, Mastercard, RuPay and American Express cards. Pretending to be bank officers, the gang made around 120,000 calls and deceived at least 25,000 people, mainly senior citizens.

Customer payment details often attract malicious employees of service and trade companies, with some of such crimes being particularly ruthless. Thus, a woman who worked for a nursing home in St. Louis County, U.S., pleaded guilty to stealing credit card numbers from the home's residents and using them to buy clothes and other items for herself and her family. For this crime, she is facing up to 10 years in prison.

Accidental data leaks may seem less dangerous than intentional ones, but nobody can guarantee that criminals won’t lay their hands on data accidentally left on an unsecured server or emailed to a wrong person. For example, in Illinois, U.S., financial and health insurance data belonging to more than 4,000 clients of the Illinois Department of Healthcare and Family Services and the Illinois Department of Human Services were unintentionally mailed to the wrong addresses.