Credit card skimming may affect 4,000 Best Buy customers
Technorati Tag: Security Breach
Date Reported:
2/6/09
Organization:
Best Buy Co., Inc.
Contractor/Consultant/Branch:
West Palm Beach, Florida store
Location:
West Palm Beach, Florida
Victims:
Customers during November and December, 2008
Number Affected:
"approximately 4,000"
Types of Data:
"credit card information"
Breach Description:
"An employee at Best Buy’s 1880 Palm Beach Lakes Blvd in West Palm Beach, Florida allegedly stole credit card information during November and December 2008 using an unauthorized personal device."
Reference URL:
Best Buy Customer Alert
WPEC NEWS 12
Orlando Sentinel
Sun Sentinel
Report Credit:
Best Buy
Response:
From the online sources cited above:
An employee at Best Buy’s 1880 Palm Beach Lakes Blvd in West Palm Beach, Florida allegedly stole credit card information during November and December 2008 using an unauthorized personal device.
Best Buy learned of the theft on Jan. 5, 2009.
[Evan] I'm wondering how Best Buy learned of the theft.
With the cooperation and assistance of store management, the employee was identified and taken into federal custody by the Secret Service on Jan. 7, 2009.
Federal authorities arrested Brittany Johnson, 22, of West Palm Beach, formerly a cashier at the Best Buy store at 1880 Palm Beach Lakes Blvd.
[Evan] Brittany, Brittany, Brittany, what were you thinking? What do you suppose Ms. Johnson's future employment prospects look like?
They charged her in the theft of thousands of credit cards numbers from customers, according to a criminal complaint by the U.S. attorney's office in Miami.
She sold the credit card numbers to Marius Tyree Harden, 28, of Tamarac, authorities said. Johnson and Harden were arrested on Jan. 15 and Jan. 30, respectively.
Both were charged with possession of a skimming device with the intent to defraud.
[Evan] I am no lawyer, but I assume that just having a "skimming device" or hand-held magnetic stripe reader in your possession is illegal. I suppose it depends on your location and your "intent".
A skimmer (or hand-held card reader)
Johnson told U.S. Secret Service agents that Harden approached her in November and gave her the skimming device, or card reader, to copy credit cards from customers as they make purchases.
Johnson copied the cards from customers and met with Harden weekly in November and December, and sold him the card numbers for $17 per number. She made about $1,000.
[Evan] Ms. Johnson ended up selling a good part of her future for $1,000. I suppose most people have a "tipping point", but for most people it is substantially higher than this! The math is off somewhere; $17/card x 4,000 = $68,000.
Harden resold them to third parties for hundreds of dollars, authorities said.
That person is no longer employed by Best Buy.
[Evan] Why?!?! ;)
Although none of Best Buy’s electronic systems were compromised by this former employee’s actions, Best Buy believes that approximately 4,000 people could have been affected by this former employee’s unlawful skimming of customer credit card information.
State and federal law enforcement authorities and all relevant payment card brands have been notified of the incident and Best Buy is fully cooperating with all investigations.
In addition, Best Buy is sending letters to customers who may have been affected by this
fraudulent activity, notifying them of the situation and encouraging them to review their account statements and monitor their credit reports.
Customers who shopped the West Palm Beach Store in November and December 2008 and believe they may have been affected by this situation should call Best Buy Customer Care at 1-, and review the full text of the Substitute Notice Letter
“The security and privacy of our customers is very important to Best Buy and regret any
inconvenience this situation may have caused our customers,” said Todd Hartman, vice president and chief compliance officer, Best Buy.
“What this person did was unlawful and in violation of clearly established Best Buy policy and procedure. While we have measures in place to prevent this type of situation from happening, we are carefully reviewing our processes to minimize the chance that it could happen again, including issuing special advisories to store management.”
We apologize for any inconvenience this situation may have caused you. Please do not hesitate to call Best Buy’s Customer Care at 1-888 BEST BUY if you have questions or concerns.
Commentary:
I'm surprised that we don't read about more of these types of incidents. Logic tells me that card skimming is much more prevalent than the number of news stories indicate. It is such an easy crime to commit and get away with (for a time). Credit card information can either be sold to others (there is a thriving market) or used directly (written to cards or used online w/CVV). This type of fraud is certainly not new and may spike in frequency given current economic conditions.
How do we prevent this? For one, the system is broken. When I refer to the system, I am referring to the entire credit/debit card system. Not much we can do to change an industry (yet), so we are left to secure our own people, processes and technologies ("ppt").
Some ideas for our "ppt" can include secure hiring practices, strict credit card and/or other sensitive information collection, storage, transmission, and destruction procedures, surveillance, and management training. Of course, everything in security needs to start with a (management) commitment.
Past Breaches:
Unknown
Date Reported:2/6/09
Organization:
Best Buy Co., Inc.
Contractor/Consultant/Branch:
West Palm Beach, Florida store
Location:
West Palm Beach, Florida
Victims:
Customers during November and December, 2008
Number Affected:
"approximately 4,000"
Types of Data:
"credit card information"
Breach Description:
"An employee at Best Buy’s 1880 Palm Beach Lakes Blvd in West Palm Beach, Florida allegedly stole credit card information during November and December 2008 using an unauthorized personal device."
Reference URL:
Best Buy Customer Alert
WPEC NEWS 12
Orlando Sentinel
Sun Sentinel
Report Credit:
Best Buy
Response:
From the online sources cited above:
An employee at Best Buy’s 1880 Palm Beach Lakes Blvd in West Palm Beach, Florida allegedly stole credit card information during November and December 2008 using an unauthorized personal device.
Best Buy learned of the theft on Jan. 5, 2009.
[Evan] I'm wondering how Best Buy learned of the theft.
With the cooperation and assistance of store management, the employee was identified and taken into federal custody by the Secret Service on Jan. 7, 2009.
Federal authorities arrested Brittany Johnson, 22, of West Palm Beach, formerly a cashier at the Best Buy store at 1880 Palm Beach Lakes Blvd.
[Evan] Brittany, Brittany, Brittany, what were you thinking? What do you suppose Ms. Johnson's future employment prospects look like?
They charged her in the theft of thousands of credit cards numbers from customers, according to a criminal complaint by the U.S. attorney's office in Miami.
She sold the credit card numbers to Marius Tyree Harden, 28, of Tamarac, authorities said. Johnson and Harden were arrested on Jan. 15 and Jan. 30, respectively.
Both were charged with possession of a skimming device with the intent to defraud.
[Evan] I am no lawyer, but I assume that just having a "skimming device" or hand-held magnetic stripe reader in your possession is illegal. I suppose it depends on your location and your "intent".
A skimmer (or hand-held card reader)
Johnson told U.S. Secret Service agents that Harden approached her in November and gave her the skimming device, or card reader, to copy credit cards from customers as they make purchases.
Johnson copied the cards from customers and met with Harden weekly in November and December, and sold him the card numbers for $17 per number. She made about $1,000.
[Evan] Ms. Johnson ended up selling a good part of her future for $1,000. I suppose most people have a "tipping point", but for most people it is substantially higher than this! The math is off somewhere; $17/card x 4,000 = $68,000.
Harden resold them to third parties for hundreds of dollars, authorities said.
That person is no longer employed by Best Buy.
[Evan] Why?!?! ;)
Although none of Best Buy’s electronic systems were compromised by this former employee’s actions, Best Buy believes that approximately 4,000 people could have been affected by this former employee’s unlawful skimming of customer credit card information.
State and federal law enforcement authorities and all relevant payment card brands have been notified of the incident and Best Buy is fully cooperating with all investigations.
In addition, Best Buy is sending letters to customers who may have been affected by this
fraudulent activity, notifying them of the situation and encouraging them to review their account statements and monitor their credit reports.
Customers who shopped the West Palm Beach Store in November and December 2008 and believe they may have been affected by this situation should call Best Buy Customer Care at 1-, and review the full text of the Substitute Notice Letter
“The security and privacy of our customers is very important to Best Buy and regret any
inconvenience this situation may have caused our customers,” said Todd Hartman, vice president and chief compliance officer, Best Buy.
“What this person did was unlawful and in violation of clearly established Best Buy policy and procedure. While we have measures in place to prevent this type of situation from happening, we are carefully reviewing our processes to minimize the chance that it could happen again, including issuing special advisories to store management.”
We apologize for any inconvenience this situation may have caused you. Please do not hesitate to call Best Buy’s Customer Care at 1-888 BEST BUY if you have questions or concerns.
Commentary:
I'm surprised that we don't read about more of these types of incidents. Logic tells me that card skimming is much more prevalent than the number of news stories indicate. It is such an easy crime to commit and get away with (for a time). Credit card information can either be sold to others (there is a thriving market) or used directly (written to cards or used online w/CVV). This type of fraud is certainly not new and may spike in frequency given current economic conditions.
How do we prevent this? For one, the system is broken. When I refer to the system, I am referring to the entire credit/debit card system. Not much we can do to change an industry (yet), so we are left to secure our own people, processes and technologies ("ppt").
Some ideas for our "ppt" can include secure hiring practices, strict credit card and/or other sensitive information collection, storage, transmission, and destruction procedures, surveillance, and management training. Of course, everything in security needs to start with a (management) commitment.
Past Breaches:
Unknown
Posts Atom 1.0
Comments