20 Million Credit Cards stolen in South Korea; 40% Population affected by the Data Leak

Since all threats to data security and privacy often come from outside, but internal threats are comparatively more dangerous and a difficult new dimension to the data loss prevention challenge i.e.Data Breach. The "Insider threats" have the potential to cause greater financial losses than attacks that originate outside the company.

This is what happened recently with three credit card firms in South Korea, where the financial and personal data belonging to users of at least 20 million, in a country of 50 million, was stolen by an employee, who worked as a temporary consultant at Korean Credit Bureau (KCB).

“Confidential data of customers ranging from the minister-level officials to celebrities, including their phone numbers, addresses, credit card numbers, and even some banking records, have been leaked from Kookmin Bank, Shinhan Bank and several other commercial banks”,

The stolen data includes the bank account numbers, customers' names, social security numbers, phone numbers, credit card numbers and expiration dates, according to the estimate by the Financial Supervisory Service (FSS).

The arrested employee behind the theft, later sold the data to phone marketing companies, whose managers were also arrested earlier this month.

"The credit card firms will cover any financial losses caused to their customers due to the latest accident," the FSS said and assured that the Regulators have launched investigations into security measures at the affected firms.

"Their parent firms seem to be taking a step back (from the issue) and not showing any responsible attitude, We will hold them fully responsible for the data leak if their sharing of client data among affiliates and internal control turn out to be the cause."

Now this is not the first time when a company is facing data breach because of Insider Threat, last month an employee of Citibank Korea was arrested for stealing the personal data of 34,000 customers. In 2012, two South Korean hackers were arrested for data from 8.7 million customers in the nation's second-biggest mobile operator.

Comments

Facebook Web Security Bug Bounty: Directory Traversal Vulnerability / RCE In Parse.com

http://parse.com directory traversal vulnerability Little Insight: http://parse.com was vulnerable to a directory traversal / RCE vulnerability. As a result, it was possible for an attacker to load web server-readable files from the local filesystem. or Run commend on That Well this is my 4th reward form facebook Directory Traversal or RCE Vulnerability That give me 5th position in Facebook white-hat Page Report Date :23 July 2014 Reward For Directory Traversal or RCE Vulnerability : 20000$ How This work......? As we discussed earlier on my old post Flowdock Directory Traversal Vulnerability exposed files outside of Rails’ view paths. '%5C' turns into '\' after decoding. Using Rack::Protection it only rejects '/../' segments in the request path. patch apply for Rack::Protection acording CVE-2014-0130 and also Reject now '%5C' turns into '\' af...

HC WeB : A Browser for HACKERS...

A Browser for HACKERS... Try for Free... Download HC WeB Setup Gallery: Online Penetration Testing Tools Index Information Gathering Whois DNS Location Info Enumeration and Fingerprint Data Mining Search Engines Editors Online Text Editors Share Text Snippets Network Utilities Ping HTTP HTTPS VNC Remote Desktop SSH DNS Sniffers Misc Forensics Frameworks URL Cloaking E-mail Password Cracking Encoders and Decoders Encoders Decoders Malwares Malware Analysis Identify Malicious Websites Suspected Malicious IPs and URLs Application Auditing SQL Injection Cross Site Scripting File Inclusion Anonymity Proxy Others Hackery Open Penetration Testing Bookmarks Collection Hacker Media Blogs, Forums, Magazines and Videos. Methodologies Penetration testing frameworks, standards and methodologies. OSINT Presentations, People, Organizations and Infrastructure. Exploits an...

Confirmed: Angry Birds website hacked by Anti-NSA Hacker

Syrian Electronic Army yesterday posted a tweet saying that one of its friend with handle "Anti-NSA" hacker defaced the Angry website. At the time, we were not able to confirm the defacement. No one was reported to have seen the hack. Even the Zone-h mirror didn't confirm the defacement, displayed a message "The mirror is onhold and has not been verified yet". So, we didn't have strong proof to report the hack. Today, Rovio, creator of angry birds, confirmed that the defacement was there for few minutes and corrected immediately. Now, the Zone-h record also confirmed it. Antti Tikkanen, Director of Security Response at F-Secure Labs, said in twitter that the attack is actually 'DNS Hijack attack'. He mentioned that the website itself not touched by the hacker; hacker managed to modify the DNS records. He also said that the angrybirds website pointed to some IP address(31.170.165.141) assoicated with Lithuania for at least one hour. The same ...

Hacking Concepts

Search This Blog