Showing posts with label data breach. Show all posts

Sunday, July 6, 2008

Police probe corporate data theft case - expressindia.com - 03 Jul 2008

Mumbai, July 2: The Cyber Crime Investigation Cell (CCIC) of the Mumbai Police is currently conducting investigations in a case of possible corporate data theft, in which a former employee of a leading IT company illegally logged into the firm’s data network and stole sensitive information by sending data files to his personal e-mail address.
The company, which provides market research, data collection, analytics and online marketing services to global clients, has approached the police with a complaint that the suspected data thief is about to join a rival company in Chennai, armed with sensitive information belonging to his former employers.

On June 24, the CCIC received a complaint from two officials from Ugam Solutions based at Malad Link Road in Goregaon (West), regarding the data theft. “We have received a complaint regarding data theft from Ugam Solutions by a former employee, and the Cyber Crime Cell is conducting preliminary inquiries in the matter,” Joint Commissioner of Police (Crime) Rakesh Maria said.

According to the company’s website, with over 800 professionals across Mumbai, London, San Francisco and Chicago, Ugam Solutions is an Indian-owned company with a global presence, and one of the world’s largest providers of market research outsourcing services.

The company informed the police that on a Sunday last month, a senior programmer who had not been showing up at work for several days reported to office. Since he had been absent for several days, his access to the office through a swipe card had been blocked by technicians. However, since the watchman at the office recognised him as an employee, he was let in after he signed his name in a visitor's entry book.

When his superiors later learned that the senior programmer had visited the office on a holiday, their suspicions were aroused. On alerting the technical staff of the company, investigations revealed that the employee had logged into the office’s internal network and sent himself data files containing sensitive information.

“The company’s investigations revealed that a senior programmer, who did not have access to the company’s internal network from outside office, entered the office on a holiday and sent confidential and sensitive data of about 4 MB size to his personal e-mail address. He never returned to the office after that. The company now fears that this man is about to take its trade secrets and join a rival company in Chennai,” said a police source, on condition of anonymity.

When contacted, Iran Kareem, vice president (Finance) at Ugam said: “There has been an attempt at data pilferage, in which a former employee has accessed our proprietary methodology.”


By Sagnik Chowdhury

Customers warned of data grab - 03 Jul 2008

SPRINGFIELD - Freedom Credit Union is warning customers of a security breach whereby debit card data was electronically captured by individuals who may have used it in a counterfeit scheme.

"We have been notified that your Debit card number was one of several obtained during the arrest and indictment of individuals in Eastern Europe and the United States," reads a June 27 letter from Freedom Credit Union to certain customers.
In response, the credit union has issued new debit cards and PIN numbers to affected customers.

Allen W. Reed, the credit union's information technology administrator, could not say yesterday how many cards were involved.

He said that such incidents are unfortunately common in the banking world.
According to the letter, Freedom Credit Union cards have been linked to points of purchase where criminals were able to capture debit card data. Freedom Credit Union reported cards stolen as of Monday, and then issued replacement cards and new PIN numbers, according to the letter.

The credit union told customers that existing cards "will be coded as stolen in our system on Monday, July 30," and that they should contact the credit union at (413) 750-5749 if they want to stop using their cards sooner.

Customers should expect to receive their new debit cards and PIN numbers in separate mailings within the next week to 10 business days.

Freedom Credit Union has offices in Springfield, Northampton, Chicopee, and Turners Falls.

By JIM KINNEY

Friday, June 27, 2008

HMRC slammed over major data breach - ukpress.google.com

Serious institutional deficiencies at HM Revenue and Customs were to blame for Britain's worst-ever breach of personal data security, when details of 25 million people were lost in the post, according to two reports.

Investigators from the Independent Police Complaints Commission found that HMRC procedures for handling sensitive data were "woefully inadequate" and staff adopted a "muddle through" ethos to confidential personal records.

And a separate report by consultant Kieran Poynter found that last October's loss of two computer discs containing the names, addresses and bank details of every child benefit claimant in the country was "entirely avoidable" and raised "serious questions of governance and accountability" at HMRC.

The UK's data watchdog, Information Commissioner Richard Thomas, warned that he would prosecute the agency if it did not improve its handling of private information. He issued formal enforcement notices against HMRC and the Ministry of Defence, which was the subject of a third critical report into its loss of 600,000 recruits' details on a stolen laptop.

Chancellor of the Exchequer Alistair Darling apologised "unreservedly" for the security breach, and assured the House of Commons that measures were already under way to tighten up procedures at HMRC.

The Government has accepted all 45 of Mr Poynter's recommendations and the new chairman of HMRC Mike Clasper has committed £155 million over the next three years to improving security, he said.

But his Conservative shadow George Osborne said that the reports gave a "truly devastating account of incompetence and systemic failure at the heart of this Government".

He said that the reports had "comprehensively blown out of the water" the claims made by Mr Darling and Prime Minister Gordon Brown at the time of the incident that the breach was the responsibility of a junior official breaking the rules. The IPCC report found that no individual was to blame for the loss of the discs, which have never been found.

Instead, the Government agency was accused of wholesale failings in institutional practices and procedures. Staff worked on confidential data without adequate support, training or guidance and there was no coherent strategy for mass data handling.

Officials were so ignorant about data security that when the CDs were lost, they simply sent another set, and it was three weeks before the loss was reported, setting in train a series of events which sparked a national outcry.

Sunday, June 22, 2008

Fraudulent ATM transactions overseas could be tied to Indiana bank breach - computerworld.com - 19 Jun 2008

A server intrusion at 1st Source Bank in South Bend took place in May

A flurry of fraudulent ATM transactions in recent days in countries such as Russia, Ukraine, Turkey and the Czech Republic may be tied to a server intrusion at 1st Source Bank in South Bend, Ind.

So far, the fraud appears to have affected at least 200 consumers who belong to more than half a dozen banks and credit unions in the state, according to local media reports. Among those reportedly affected are customers of 1st Source, Teachers Credit Union (TCU) and Farm Bureau Credit Union.

Representatives from TCU and Farm Bureau did not immediately respond to a request for comment. Neither did the St. Joseph's County Police Department in Indiana, where a large number of affected consumers reported being victimized by fraudulent automated teller machine transactions.

James Seitz, a vice president at 1st Source, today said it is "reasonable" to assume that the fraudulent transactions are linked to an intrusion into one of the bank's servers on May 12.

The breached server contained debit card transaction data belonging to customers of 1st Source and other financial institutions who used 1st Source ATMs. Seitz confirmed that the information in that server was stolen by hackers, but he refused to say how many records were stolen or how many individuals may have been affected.

After the breach was discovered, the bank immediately "shut down" all of its own cards that were compromised, Seitz said. He refused to disclose how many cards 1st Source blocked and reissued.

The bank also compiled a list of all the other cards that were on the affected system and informed the major credit card companies about the breach, he said.
According to Seitz, many of the fraudulent transactions being reported appear to have taken place over the weekend. Since then, the transactions have "slowed down significantly," he said. Most of the withdrawals were for amounts of $200 or $300 or whatever the daily limits for each card might be.

The incident highlights the international nature of cybercrime and the global market for stolen credit card and bank data. A report released yesterday by security vendor Finjan Inc. noted that the underground market is flooded with stolen credit and debit card data, leading to its easy availability and commodity pricing. According to Finjan, stolen credit and debit card data, which retailed for $100 per card a few months ago, these days costs just about $20 per card and can often be purchased after little more than a Google search.

Thursday, June 12, 2008

Most data breaches discovered too late, study says - networkworld.com - 11 Jun 2008

Most companies only learn about network data breaches in the months after their data has already been compromised, according to a new study.

The study, conducted by Verizon Business, looks at data breaches in a wide variety of industries, such as retail, food and beverage, technology services and financial services, and examines more than 500 forensics investigations comprising roughly 230 million records over a period of four years.

Looking at the big picture, the study finds that three-fourths of all data breaches lead to compromised data within a matter of days. Despite this, the study also finds that 63% of enterprises don’t learn about data breaches until months after their data has been compromised. What’s more, 70% of all data breaches are discovered by third parties, such as customers or banks, meaning that most companies have no idea that their data has been compromised until they are alerted by an outside voice.

And even after breaches are discovered, the study finds that nearly half of them take weeks to fix, while only 37% are fixed within a matter of days or hours.

A strong majority (73%) of enterprise data breaches come from external sources, while only 18% come from internal sources such as IT administrators or employees. However, while internal data breaches are far less common than external data breaches, they are far more damaging to data security: a median of 375,000 records are compromised during internal security breaches, compared with a median of 30,000 for external security breaches, according to the study.

The most popular method for breaching company data is hacking, which accounts for 59% of all data breaches studied. Thirty-nine percent of all hacks occur at the application or service layer, while 23% occur at the operating system or platform layer. Interestingly, the study finds that 18% of all hacks exploit known data vulnerabilities. Of these known vulnerabilities, a full nine-tenths had patches available for six months prior to the breach.

The study lists several ways for businesses to guard themselves against future data breaches, most of which do not require a heavy investment in upgrading IT infrastructure. In the first place, the study says that companies fail to actually enact their established security policies. The study also notes that 83% of all network attacks are not difficult attacks to thwart, and that 85% are opportunistic attacks that are not directed against a particular entity but are rather initiated randomly through techniques such as phishing.

What’s more, the study finds that evidence of 82% of all breaches studied is available to the victims but that this evidence is not noticed or acted upon. Thus, the study recommends that enterprises concentrate on enforcing the basics of data security – such as actively monitoring data logs and creating data retention plans – before they take extra precautions against sophisticated hacking or malware assaults.

“Security breaches and the compromise of sensitive data are very real and growing concerns for organizations worldwide,” says Peter Tippett, vice president of research and intelligence for Verizon Business Security Solutions. “This can help companies better understand data breaches. . . . Most importantly, it urges organizations to be proactive in their approach to security.”

By Brad Reed

University of Florida Warns 11,300 Students of Data Breach - itbusinessedge.com - 11 Jun 2008

The names, addresses and Social Security numbers of nearly 12,000 current and former University of Florida students were accidentally posted online. The university has mailed notification letters to 11,300 students whose information may have been compromised, according to this Associated Press article on FOXNews.com. Officials could not find contact information for another 570 students.

The Sarasota Herald-Tribune reports that the breach occurred when the Office for Academic Support and Institutional Service created online records of students. Student employees wanted to work with the information from off-campus locations, but failed to install appropriate security measures.

The information has been removed, and the university doesn’t believe any of the data was used inappropriately.

The University of Florida isn’t the only college to make headlines for security breaches. Earlier this week, we reported about a stolen Stanford University laptop that compromised the information of 72,000 current and former employees. And 155 medical and graduate students at the University of California-Irvine were victims of a scam after hackers used information from their health insurance plans to collect tax returns.

By Susan Hall

Wednesday, June 11, 2008

Card details stolen in web hack - BBC News - 10 Jun 2008

The credit card details of up to 38,000 customers of clothing firm Cotton Traders were stolen following a hack of its website, BBC News has learned.

The firm has not confirmed the size of the breach but it has acknowledged the site was attacked early this year.

It said Barclaycard was contacted as soon as it learned of the attack, and most cards were stopped in January.

The payment industry's trade body said it was serious because hackers accessed details for "card not present" fraud.

Apacs, the trade association for the payment industry, said a specialist police force was investigating the case.

Cotton Traders was founded by ex-England rugby captains Fran Cotton and Steve Smith and has one million customers.

In a statement, Cotton Traders said all of its customers' credit card data was encrypted on the website.

'Security issue'
It said: "Earlier this year we identified a security issue. We immediately brought in industry security experts to resolve the problem.

"Cotton Traders have recently upgraded all security on their website which has been validated by leading Industry experts."

It added: "We would like to reassure all our customers that their data is secure and that the Cotton Traders website meets all leading Industry security standards."

BBC News has learned that customer addresses were also stolen in the hack.
The breach follows last year's attack on the website of TK Maxx, in which 45 million card details were lost.

In that case, data was accessed on the firm's computer systems over a 16-month period and covered transactions made by credit and debit cards dating as far back as December 2002.

The exact method used to hack the Cotton Traders website is not known.

The firm has said customers worried about their cards should contact their card provider.

Thursday, June 5, 2008

1st Source Bank replacing debit cards after security breach - 04 Jun 2008

SOUTH BEND, Ind. - 1st Source Bank said it would replace debit cards for all its account holders following a security breach. An official for the South Bend-based bank said it had not received any reports of suspicious activity.

"Out of an overabundance of care, we're reissuing new debit cards to all our customers," said James Seitz, senior vice president of consumer and electronic banking. A security consulting firm alerted the bank after discovering the breach on May 12, the day it occurred. The bank shut down its computer system and contacted authorities.

"We are working with law enforcement to find these bad guys, and we didn't want to tip them off," said Seitz. Last week, the bank mailed letters to customers asking them to monitor their accounts for suspicious activity.

Seitz said the letters were not mailed sooner due to the "complex" nature of the investigation. The bank said it also was monitoring ATM transactions.

1st Source also said it had hired a firm to review its computer security and has made some changes as a result. The bank said it would offer a security service that normally costs $4.95 per month free for one year to customers who requested it.

"We're certainly not holding any of our customers financially responsible for any transactions related to this breach," Seitz said. The new debit cards are expected to arrive next week.

Tuesday, June 3, 2008

Patient Information Exposed in Data Breach at Walter Reed - consumeraffairs.com - 03 Jun 2008

Army hospital says 1,000 patients may be affected

Patients at Walter Reed Army Medical Center and other military hospitals had their personal information exposed in a security breach, officials said. As many as 1,000 patients may have been affected.

Details are scarce but Walter Reed officials said that the breach, which included names, Social Security numbers, and birth dates, was discovered on May 21 by a third-party data mining company, which the hospital did not identify.

Officials said the company found the exposed file while on another assignment and contacted Walter Reed.

The Associated Press reported that Walter Reed officials would only confirm that the data was found on a "non-governmental, non-secure network."

Walter Reed is contacting patients who were affected by the breach, and has set up a toll-free hotline (1-877-854-8542, ext. 9) for patients to determine if they were affected. Individuals affected by the breach will have credit monitoring services provided for them, the hospital said.
Government and military installations have encountered numerous forms of data breaches in recent years, from lost laptops, to accidental posting of information online, to sharing data without proper security precautions.

The biggest known government data breach on record remains the loss of records on 26.5 million veterans when a laptop containing the data was stolen from the home of an analyst for the Veterans' Administration (VA).

The laptop was eventually recovered, but not before investigators admitted keeping the breach secret for several weeks, as well as hiding several other breaches that had taken place during the last few years.

Other breaches included the accidental unencrypted transmission of 580,000 military members' personal data by contracting company SAIC in July 2007. SAIC had been handling health care processing claims for TRICARE, the military medical network, and had been assisting multiple branches of the military as well as the Department of Homeland Security (DHS).

The extensive outsourcing of many governmental and military functions to private contractors has been criticized as a potential threat to national security.

In 2006 a report by the Government Accountability Office (GAO) criticized the trend, particularly in cases when contractors who had received outsourced government information then subcontracted the data out to third-party companies, many of which were located outside the United States.

By Martin H. Bosworth

Saturday, May 31, 2008

Bank loses tapes with data on 4.5M clients - computerworld.com - 30 May 2008

Connecticut AG blasts BNY Mellon for failing to notify victims for three months

May 30, 2008 (Computerworld) Bank of New York Mellon Corp. officials last week confirmed that a box of unencrypted data storage tapes holding personal information of more than 4.5 million individuals was lost more than three months ago by a third-party vendor during transport to an off-site facility.

The bank informed the Connecticut State Attorney General's Office that the tapes belonging to its BNY Mellon Shareowner Services division were lost in transport by off-site storage firm Archive America on Feb. 27. The missing backup tapes include names, birth dates, Social Security numbers, and other information from customers of BNY Mellon and the People's United Bank in Bridgeport, Conn., according to a statement by Connecticut Attorney General Richard Blumenthal.

Archive America refused to comment about the missing backup tape, citing confidentiality agreements. A People's United Bank spokesman could not be reached for comment.
BNY Mellon Shareowner Services, which includes handling employee stock option plans, said that it has begun notifying affected clients. It contended that none of the unencrypted data has been accessed or used.

"We'd like to provide people with a more current characterization [of what happened], but we are not yet in a position to make that available," said BNY Mellon spokesman Ron Sommer. "Our intention is to make it available as soon as we can."

Blumenthal said that the bank's offer of a year of free credit monitoring to those affected by the breach is "grossly inadequate." He also slammed the bank for not promptly notifying customers of the security breach.

"The loss of this tape — so far unrecovered and unremedied — is inexplicable and unacceptable," wrote Blumenthal. "I am especially concerned by the delay in informing customers, possibly heightening the risks of wrongdoing."

Blumenthal said that he is working with the New York and New Jersey attorneys general and the Connecticut Department of Consumer Protection to investigate the breach. Further, he said that he is pressing the bank to explain how some backup tapes disappeared while others on the same van arrived intact at the Archive America facility.

This week, a lawyer representing 40 affected individuals filed a class-action lawsuit against the New York bank in Connecticut Superior Court. Attorney Michael Stratton, who represents the plaintiffs, said he is seeking up to seven years of free credit monitoring and credit insurance for customers, along with unspecified damages.

"It's inconceivable to me that you have unencrypted data on tapes being transported and stored. I can't imagine why you wouldn't have a sophisticated encryption program to make it virtually impossible to break the code even if they were to become lost," remarked Stratton.

Thursday, May 29, 2008

City BPO accused of data theft - TOI Ahmedabad - 29 May 2008

Ahmedabad: It could well be one of the biggest data thefts in the country. An Ahmedabad-based BPO owner, Maulik Dave, has been accused of stealing data from a Florida-based company and selling it to its rival companies in the US.

Dave stole data worth Rs 1 crore from the company. With the help of his accomplice based in the US, Milan Dabhi, he sold the data to competitors of the company in the US.

The nondescript office of Business Bee Solutions along the SG Road, a BPO working in the IT sector, has been closed for three months soon after Florida-based company Noble Ventures Inc. cancelled their contract with Dave. He then shifted his operations to his home in Vejalpur. Dave had got a contract for two years for designing and maintenance of the website of Noble Ventures Inc. This company provides customer database of 1.25 crore US citizens to various marketing companies in the US and also has a client-base in other international markets.

When his contract got cancelled, Dave tapped into the data bank of Noble Ventures Inc., stole 85 lakh records and sold them to the company’s rivals in the US.

The US company smelt a rat and sent an email to the Ahmedabad city crime branch. Investigations revealed that Dave had indeed tapped into the server of Noble Ventures Inc.

On Wednesday, assistant commissioner of police, crime branch, Usha Rada, led a raiding party to Dave’s house in Vejalpur. Dave has been arrested and booked for data theft; his computer has also been seized. “The US company owners got suspicious when they detected data loss from the server. When they started retrieving the data, they came upon e-traces of Dave. Then the company mailed us,” said Rada.

“The cost of data stolen is estimated to be no less than Rs one crore. However, officials said that it is just the first data block. There could be more,” said investigating police officers.

Police are also scrutinizing two computers, three laptops and three outer storage devices that contain data. Officials will present Dave in court on Thursday to get his remand for further information.

How Dave got the password
The Florida company had given Dave the password to access their server in January, as he claimed that he often faced server connection error.

In March, the contract ended and Dave started his illegal activities.

Officials explained that Dave had sought the password and user ID on the pretext of a server connection error. But he later started using it to steal the database that included EIN, SSN, TAX IDs along with other information of 1.25 crore residents of the US and other countries.

“We are hunting for other accused Milan, who worked as an executive for another unit of Noble Ventures in the US. We are in possession of Dave’s financial transactions that indicate that he had financial transactions with Dabhi. He was one of the key persons who marketed the database to other customers in the US. The duo also sent some of the sample data to two major companies,” said Rada.

Parth Shastri TNN

Monday, May 26, 2008

Most Retailer Breaches Are Not Disclosed, Gartner Says - pcworld.com - 23 May 2008

While nearly half of U.S. retailers have been hit with some kind of information security attack, only a small percentage of them have actually reported breaches to their customers, research company Gartner reports.
In a new study based on interviews with 50 U.S. retailers, Gartner found that 21 of them were certain they had had a data breach. However, just three of the retailers had disclosed the incident to the public.

The small number of retailers in the survey makes it impossible to draw any firm conclusions from the data, but it does underscore a noteworthy trend, said Gartner analyst Avivah Litan. "Sensitive data is being stolen and most of the time it's not being disclosed," she said. "There are a lot more breaches than we hear about."

Many states now have laws that require that consumers be notified when their personal information is compromised, but the bad publicity that results from such disclosures has made retailers reluctant to make them, she said. "They see what happens to companies like TJX and Hannaford and they don't want to call attention to themselves unless they need to."

Litan didn't know whether the retailers had broken state laws by not informing their customers of the breaches, but she said it was a possibility. Some of the breaches may have happened before applicable state laws were in effect.

In 2006, data thieves were able to get access to an estimated 94 million payment card numbers by hacking TJX's computer systems. The retailer has set aside a US$107 million reserve fund to cover lawsuits from credit card issuers that stem from the breach. At the Hannaford Bros. supermarket chain, criminals stole an estimated 4.2 million account numbers after computers there were hacked. That breach was disclosed in March.

Gartner counted phishing attacks and data compromises at third parties as breaches, along with lost or stolen laptops, insider breaches and computer hacking attacks.
Litan said four of the retailers had been fined by credit card companies for not meeting Payment Card Industry (PCI) compliance requirements. Another 11 were threatened with fines for noncompliance.

Data breaches at retailers are the top cause of credit and debit card theft, accounting for about 20 percent of all incidents, Gartner said.
And this type of crime is not going away. Credit card companies predict that payment card fraud rates will double over the next two years, the research company said.

Saturday, May 24, 2008

People's Bank customers at risk from data breach - theday.com - 22 May 2008

Several hundred thousand People's United Bank customers in Connecticut have been hit by a data breach that potentially exposed their personal information, state Attorney General Richard Blumenthal said Wednesday.

Blumenthal said The Bank of New York Mellon lost an unencrypted backup tape provided by Bridgeport-based People's Bank, resulting in the data breach involving about 4.5 million accounts. The tape included bank account information, Social Security numbers and other data about depositors and investors tied to the bank, he said.

“This security breach seems highly dangerous, indeed possibly devastating in light of the identity theft threat,” Blumenthal said in a statement. People's Bank has 10 locations in southeastern Connecticut, including five at local Stop & Shops. The bank has more than 150 locations throughout the state.

A People's Bank spokesman denied any knowledge of the data breach Wednesday afternoon before the official announcement at a Hartford press conference. He and a spokesman for Bank of New York Mellon could not be reached after the announcement.

Blumenthal was particularly concerned with the amount of time that elapsed between the discovery of the data breach and the reporting of it. Bank of New York lost the information in February but didn't start informing consumers until six weeks ago, he said.
Blumenthal first heard about the breach earlier this week, he said.

Blumenthal said the Bank of New York Mellon on Feb. 27 gave an unencrypted backup tape as well as nine other tapes to a storage firm, Archive Systems Inc. of Fairfield, N.J., which was assigned to store the information. But when a storage company vehicle arrived at the storage facility, one of the tapes could not be found.

According to a letter from Blumenthal to the Bank of New York, a lock on the truck was broken, and the truck had been left unattended several times.
“The loss of this tape - so far unrecovered and unremedied - is inexplicable and unacceptable,” Blumenthal said. “It must be addressed by protective measures to forestall identity theft immediately.”

The banks are cooperating with Blumenthal's office to determine exactly how many Connecticut residents are affected by the breach.

Blumenthal, in a letter dated Wednesday, asked the Bank of New York to respond to a series of questions about the data breach. He requested detailed information about what was lost and how the bank has notified consumers about the loss. He also asked the bank to detail other instances in which it had lost back-up tapes.

This is not the first time that loss of personal information has affected People's Bank customers.
He termed as inadequate the Bank of New York's offer to pay customers for one year of credit monitoring. He said two years of monitoring and $25,000 in identity theft insurance as well as free credit freezes would be more appropriate.

In January 2006, the company revealed that a computer tape with information about 90,000 customers had been lost in transit by United Parcel Service. The tape was bound for TransUnion, a credit-reporting bureau in Woodlyn, Pa.

The state itself was hit by a data breach last year when a laptop containing information about more than 100,000 taxpayers was stolen. Other breaches last year with strong local ties included more than 54,000 records released during a series of lapses at Pfizer Inc. as well as another incident affecting 2,000 patients at The Westerly Hospital.

But none of these breaches comes close to a record for the release of personal information. That dubious distinction belongs to TJX Co., parent firm of T.J. Maxx and other retailers, which had more than 94 million credit- and debit-card numbers stolen by a hacker last year.

Other major breaches have involved Visa, MasterCard and American Express, which released data on 40 million customers in June 2005; Citigroup, 30 million just a few days earlier; America Online, 30 million in June 2004; the U.S. Department of Veterans Affairs, 26.5 million in May 2006; and HM Revenue & Customs, 20 million in November 2007.

After a previous breach last year, Blumenthal sued a company for negligence, unauthorized use of state property and breach of contract in connection with data involving 58 taxpayers, hundreds of state bank accounts and other information. The company, Accenture, said its procedures were not followed because of human error.

Last year, fewer data breaches were reported in the United States than in the year before, but the lapses were more severe. While 346 incidents were reported two years ago resulting in about 50 million record breaches, last year's totals were 310 incidents and a whopping 162 million exposures, according to the Privacy Rights Clearinghouse.

Five of the top 10 data breaches of all time occurred last year.

Before the People's Bank incident, the two biggest data breaches of the year involved the University of Miami in Florida, with the records of 2.1 million people released; and Hannaford Bros. Supermarket chain in Portland, Maine, 4.2 million.

l.howard@theday.com

Hannaford Data Breach: TD BankNorth Cards Compromised - bankinfosecurity.com 23 May 2008

NH Customers Notified; New Cards Issued

New Hampshire customers of TD BankNorth were notified earlier this week that their Visa debit or credit cards have been compromised, and the likeliest culprit is the recent Hannaford Brothers Supermarkets security breach.

"We became aware during the last few days that there was some fraudulent activity on some of our customers' credit card accounts," says Jennifer Carlson, TD BankNorth's spokesperson. "It was limited to New Hampshire. As far as the New Hampshire customers, they have been contacted and their accounts have been closed and new cards reissued." Carlson says the bank's privacy policy prevents the bank from giving out how many customers were involved.

Cards of the affected customers are being replaced as soon as fraud is detected. Instead of having a mass cancellation and reissuing its Visa debit and credit cards, the bank is relying on fraud-detection computer programs, which it says can monitor for fraud, and even decline transactions as they are being made.

Another bank, Citizens Bank, also located in the Northeast, took the immediate step after the breach to announce it was reissuing all credit cards of customers that had shopped at Hannaford, regardless of whether they might have been involved in the breach.

In March, Hannaford announced that a security breach had compromised more than 4 million customer card numbers. (See related stories: Hannaford Data Breach: An Inside Job?; Hannaford Data Breach May be 'Tip of the Iceberg')

Carlson notes that the Hannaford breach isn't the only event that triggers fraud. "Fraudulent transactions happen every day, not just as a result of breaches," she says. "We encourage all of our customers to be vigilant in protecting their personal and financial information at all times."

Customers are also advised to review their bank statements online or when they arrive in the mail for any suspect transactions. "And always call the number on the back of the credit card when there is a problem with the card," she says.

Wednesday, May 21, 2008

Hannaford Blamed For Recent Bank Data Breach - www.wcsh6.com - 20 May 2008

MANCHESTER, N.H. (AP) -- TD Banknorth says it has notified New Hampshire customers that their Visa debit or credit cards have been compromised, most likely because of the Hannaford Brothers Supermarkets security breach.

Bank spokeswoman Jennifer Carlson says the bank noticed the fraud cases. She said a privacy policy prevented her from saying how many customers were involved.

TD Banknorth says instead of having a mass cancellation and reissuing its Visa debit and credit cards, it's relying on fraud-detection computer programs which it says can monitor for fraud and even decline transactions as they are being made.

In March, Hannaford announced that a security breach had compromised more than 4 million customer card numbers.

Wednesday, May 14, 2008

Hacker splashes data from six million Chileans on Internet: Yahoo report

SANTIAGO (AFP) - A hacker broke into Chile's government sites, mining data from six million people which he then posted on the Internet on two popular servers for several hours, the El Mercurio daily has said.
The personal data included names, street and email addresses, telephone numbers, social and educational background, and was taken from Education Ministry, Electoral Service and state-run telephone companies' websites from late Saturday to early Sunday.
"It's a serious matter and we're investigating," Police Cybercrime Brigade chief Jaime Jara told the newspaper.
The data was displayed for several hours before authorities removed it on the technology information website "FayerWayer" and community website "ElAntro."
The hacker said on the websites he splashed the data "for the whole world to see ... (to) show how unprotected personal data is in Chile ... nobody bothers protecting that information."

Sunday, May 11, 2008

Four Arrested for credit card Fraud - TOI Mumbai 10th May 08

Young, educated and masters of credit fraud
TIMES NEWS NETWORK
Mumbai: A BPO employee who masterminded a novel credit card scam running into a crore has been arrested by the Goregaon (E) police along with six of his well-educated associates. Prime accused Prakash Jadhav (25) was employed with Sparsh BPO in Goregaon since last July. The BPO was engaged in approving the credit limits of customers who applied to Barclays Bank for a credit card. Jadhav and his associates are all graduates, some of them having diplomas in computer hardware. The accused are technically sound, having worked in the past with computer firms, credit card companies, banks and printing presses. This is the first time they have been arrested, but the police suspect they could have committed similar frauds in the past.

The Goregaon (E) police, who have arrested a BPO employee and six of his associates in the credit card scam, suspect they could have committed similar frauds in the past. According to the police, a customer who applies to Barclays Bank for a new credit card is first required to fill up a form with personal information and attach copies of necessary documents. The bank submits this data to the BPO, which processes it before evaluating the credit limit of the customer. The processed data is finally sent to CMS, a company which manufactures credit cards and couriers them to the customer’s residential address.

Explaining the modus operandi of the racket, zonal deputy commissioner Shivaji Bodkhe said that Jadhav would make changes in the address, phone number and credit limit of customers. “The credit limit was increased, while a totally new address and phone number were assigned. The altered data was then forwarded to CMS which, by default, couriered the credit cards to the address mentioned. Now Jadhav’s gang-member would take the delivery of these cards, posing as a customer himself. He would also display a fake PAN card (manufactured by the gang) as identification proof,” Bodkhe said.

The altered credit card was now used for shopping in malls and departmental stores. “The gang members would ask a shopowner to swipe the credit card and offer them a share of the cash received, instead of buying products from the shop. The money was then used to book two flats, buy cars and holidays out of town,” a senior police official said.

The fraud went awry when Jadhav got into a dispute with an agent operating for the gang. “Apart from altering data of genuine credit card customers, Jadhav would also create fake identities (names and addresses of people who never existed) in the BPO’s computer system. An agent would be posted to take the delivery of such a card. Every agent was supposed to hand a commission to Jadhav. When one of them paid a smaller commission, Jadhav decided to teach him a lesson and reduced the credit limit on one of the altered cards,” said a police officer.

The management at Sparsh BPO smelt a rat last week, as credit limits of a customer can never be reduced. They zeroed in on the computer which was used to make such changes. The computer had Jadhav’s user-ID logged in. Seventy-five credit cards had been altered by him in this manner. The BPO management then approached the police who nabbed Jadhav and his associates: Hanif Shaikh (28) from Nala Sopara, Pravin Pujari (21) from Mulund, Kishore Talreja (34) from Thane, Amit More (26) from Vikhroli, Janardan Shinde (36) from Kalwa and Dilip Bhoir (40) from Kalyan.

“We have recovered nine altered credit cards, seven cellphones, nine fake PAN cards and Rs 2.70 lakh in cash from the gang. They have splurged a large portion of the money they made,” DCP Bodkhe said. Police officials suspect the gang to have defrauded the bank of approximately Rs 1 crore.

-----------------------------------------------------------------------
Mumbai: The Dindoshi police recently arrested four persons who used a stolen card and made purchases of over Rs 50,000 in just four days. On April 28, Yogesh Mistry, who works as a cleaner in Malad, found a credit card while cleaning one Manish Agarwal’s car. Mistry, who does other odd jobs too, kept the card with him. He told his acquaintance Ashraf Sheikh, who works in a mobile shop at Hub mall in Goregaon (E), about the card. Sheikh, on the pretext of checking whether the card worked, took it from Mistry and used it to buy mobile refill cards. But he hid this from Mistry and told him that the card was of no use. Sheikh passed on the card to his friend Mohsin who bought two Nokia phones worth Rs 9,000 from Novelty Mobiles in Versova, the police said. Mohsin, who was short of money to buy a two-wheeler, requested shopowner Manish Sawla to give him cash in return for the card. Sawla fooled Mohsin by saying the credit limit was over but swiped the card showing a transaction of Rs 45,000. Sub-inspector Guljarilal Phadtare said, “The accused ran out of luck when the bank alerted Agarwal about the huge transaction and blocked the card.” Sawla returned the card to Mohsin, who handed it over to Ashraf. He returned it to Yogesh. The police, on grilling Sawla, came to know about Mohsin’s role. “One person led to another, we managed to arrest all of them,” said inspector Hemant Patil.