Over 30,000 credit cards compromised at Tel Sell (NL)
Technorati Tag: Security Breach
Date Reported:
11/27/07
Organization:
Tel Sell BV
Contractor/Consultant/Branch:
None
Victims:
Tel Sell customers
Number Affected:
~31,000*
*Over 15,000 Visa card details and ~16,000 Mastercard details
Types of Data:
Names, addresses, credit card details, and other order information.
Breach Description:
According to Dutch court documents obtained by Telegraaf (Holland's largest newspaper), Tel Sell suffered a breach in May, 2007 when unauthorized persons accessed and downloaded order information from Tel Sell's computer systems. Tel Sell never informed customers.
Reference URL:
Forum of Incident Response and Security Teams (FIRST) Story
DutchNews.nl News Story
Telegraaf News Story - Original Report (DUTCH)
Report Credit:
Telegraaf and FIRST
Response:
From the sources cited above:
Customers of the television-sales organization TelSell can not only tele-shop while relaxing in their lazy chair, they also have a good chance to be robbed, while in that same chair
Earlier this year the details of over 30,000 creditcards have been stolen from Telsell’s computersystems.
The details are from customers who in the past ordered Telsell products, including slimming belts, fitness equipment and figure-correction underwear. With the card details cybercriminals can relatively easy make illegal transfers, where the victims are served the bill.
The Dutch company Telsell has been aware of this theft since 6 months, but never informed those customers at risk.
This has been discovered in procedural legal documents, obtained by the Telegraaf, the largest Dutch newspaper.
According to these papers, last May hackers managed to break into, and compromize Telsell’s computersystems, copying over fifteenthousand Visa card details and around sixteenthousand Mastercard details.
What is unusual is that Telsell decided not to fore-warn its possibly affected customers. If they had been warned in time, customers could have checked their creditcard accounts for irregularities. Anyone who does not notice illegitimate transfers in their own account statements timely, will not receive any financial compensation.
The even more unsual explanation by Telsell is: “It is not our resonsibility to warn our customers” Yesterday the company Telsell refused to comment. Also it is not clear whether sufficient measures have been taken to avoid a repeat of the computer systems compromize.
Commentary:
It's hard to believe that a company could be this negligent. I get the information for this report "third-hand", but you have to believe that some if not all of it is true.
Tel Sell should be held accountable for this breach and their inexcusably poor response. If I were a customer of Tel Sell (Thank God, I am not), I would immediately cancel my credit card(s) and ask for re-issues just as I would if I had lost my wallet. I would not do business with such a poorly run company until they take the responsibility for personal information, which they appear to have not.
Past Breaches:
Unknown
Date Reported:11/27/07
Organization:
Tel Sell BV
Contractor/Consultant/Branch:
None
Victims:
Tel Sell customers
Number Affected:
~31,000*
*Over 15,000 Visa card details and ~16,000 Mastercard details
Types of Data:
Names, addresses, credit card details, and other order information.
Breach Description:
According to Dutch court documents obtained by Telegraaf (Holland's largest newspaper), Tel Sell suffered a breach in May, 2007 when unauthorized persons accessed and downloaded order information from Tel Sell's computer systems. Tel Sell never informed customers.
Reference URL:
Forum of Incident Response and Security Teams (FIRST) Story
DutchNews.nl News Story
Telegraaf News Story - Original Report (DUTCH)
Report Credit:
Telegraaf and FIRST
Response:
From the sources cited above:
Customers of the television-sales organization TelSell can not only tele-shop while relaxing in their lazy chair, they also have a good chance to be robbed, while in that same chair
Earlier this year the details of over 30,000 creditcards have been stolen from Telsell’s computersystems.
The details are from customers who in the past ordered Telsell products, including slimming belts, fitness equipment and figure-correction underwear. With the card details cybercriminals can relatively easy make illegal transfers, where the victims are served the bill.
The Dutch company Telsell has been aware of this theft since 6 months, but never informed those customers at risk.
This has been discovered in procedural legal documents, obtained by the Telegraaf, the largest Dutch newspaper.
According to these papers, last May hackers managed to break into, and compromize Telsell’s computersystems, copying over fifteenthousand Visa card details and around sixteenthousand Mastercard details.
What is unusual is that Telsell decided not to fore-warn its possibly affected customers. If they had been warned in time, customers could have checked their creditcard accounts for irregularities. Anyone who does not notice illegitimate transfers in their own account statements timely, will not receive any financial compensation.
The even more unsual explanation by Telsell is: “It is not our resonsibility to warn our customers” Yesterday the company Telsell refused to comment. Also it is not clear whether sufficient measures have been taken to avoid a repeat of the computer systems compromize.
Commentary:
It's hard to believe that a company could be this negligent. I get the information for this report "third-hand", but you have to believe that some if not all of it is true.
Tel Sell should be held accountable for this breach and their inexcusably poor response. If I were a customer of Tel Sell (Thank God, I am not), I would immediately cancel my credit card(s) and ask for re-issues just as I would if I had lost my wallet. I would not do business with such a poorly run company until they take the responsibility for personal information, which they appear to have not.
Past Breaches:
Unknown
Posts Atom 1.0
Comments