You are here

Security News

2/10/2017

Arby's data breach may affect 355,000+ customers!

The breach, which occurred between Oct. 25, 2016 and Jan. 19, 2017, is the same kind of malware attack behind earlier data breaches at Target and Home Depot. The malware allows hackers to steal data as the card is swiped at the cash register. Arby's said the malware has now been eradicated. The fast-food chain stresses it only affects company-owned restaurants, not its franchises. It advises customers to keep a close eye on their credit and debit card statements for unauthorized activity.

2/24/2016

Publishers Clearing House Scam Alert Update: Beware of Fraudsters Pretending to be real PCH Employees!

At Publishers Clearing House we care about consumers and want to be sure you stay protected from SCAMMERS fraudulently pretending to be associated with our well-recognized PCH name!  As a company that has been in business for over 50 years, PCH is an iconic brand, recognized and welcomed into households all across the country.  And, if you are familiar with the PCH name, you can be sure the scammers know us, as well.

Recently we’ve been hearing reports that scammers are accessing and using the names of our real PCH employees in their criminal attempts to deceive you.  Names you’ve come to know and recognize such as Dave Sayer, Todd Sloane and Danielle Lam – all real members of our famous PCH Prize Patrol.  Even the name of Deborah Holland, our Executive Vice President whose name appears in PCH promotional mailers, has been hijacked and illegally used by scammers.

If you are ever contacted by someone claiming to represent PCH, or claiming to be one of our employees,  and asked to send or wire money (for any reason whatsoever, including taxes); or send a pre-paid gift card or Green Dot Moneypak card in order to claim a sweepstakes prize – DON’T!  It’s a SCAM. If you are sent a check, told it’s a partial prize award, and asked to cash it and send a portion back to claim the full prize award, DON’T.  The check is fake, but the SCAM is real!

Publishers Clearing House does not operate this way and would NEVER ask for money to claim a prize award.  PCH employees would never contact you personally or in advance to notify you of a prize award.  Our prize awards are presented just the way you see in our popular TV commercials, ‘live and in person’ by our Prize Patrol, with balloons, bouquet of roses and check in hand - - and with no advance notification!

Scammers use any means available – mail; telephone; internet; email and even Facebook, Twitter and Instagram!  Whatever the method of contact, their main goal is to deceive you into believing you’ve won a prize award and need to send a pre-payment to claim that prize.  Don’t fall for it!

PCH continues to actively partner with The Federal Trade Commission, the US Postal Service, police and law enforcement officials around the country by sharing information we collect to help these regulatory agencies go after the bad guys.  Unfortunately, it is a fact of life that certain scammers continue to operate.  They will do their best to try and deceive you into thinking you are dealing with the real PCH.  Don’t fall for it!  - - - Remember, stay protected and don’t fall victim – if the prize isn’t free – and you’re expected to send some type of payment to claim it, you’re being SCAMMED! 

11/30/2015

Hilton Worldwide announced that it has identified and taken action to eradicate unauthorized malware that targeted payment card information in some of its point-of-sale systems. In response to the breach, the company said that it immediately launched an investigation and has further strengthened its systems.

Through its investigation, Hilton determined that specific payment card information was targeted by this malware. This information includes cardholder names, payment card numbers, security codes and expiration dates, but no addresses or personal identification numbers. The company said that as a precautionary measure, customers may wish to review and monitor their payment card statements if they used a payment card at a Hilton Worldwide hotel over a 17-week period, from Nov. 18 to Dec. 5, 2014 or April 21 to July 27, 2015.



12/6/2014

The fast-food chain Chick-fil-A has confirmed that it was the victim of a recent data breach.

The breach, reported by security writer Brian Krebs this week on his Krebs on Security blog, came to the restaurant chain's attention after several financial institutions found transactions at Chick-fil-A to be the common thread between credit card fraud cases. Chick-fil-A says that law enforcement has begun an investigation into the incidents.

Customer data was stolen from December 2013 through September 30, 2014, according to the report.

A source at one financial institution told Krebs that its exposure to the breach is higher than to the high-profile Target retail chain data breach earlier this year, with nearly 9,000 customer cards at risk.

The restaurant chain released a comment saying it had "recently received reports of potential unusual activity," and that Chick-fil-A is "working with leading IT security firms, law enforcement and our payment industry contacts to determine all of the facts."

11/10/2014

The Federal Bureau of Investigation is leading an investigation into a data breach at the U.S. Postal Service, which affected employees and customers.

In a Nov. 10 statement, which provides few details, USPS says it recently learned of a "cybersecurity intrusion" into some of its information systems. All operations are now functioning normally, according to the statement.

More than 800,000 employees were impacted in the breach, says David Partenheimer, spokesperson for the USPS. Employee information potentially compromised includes names, dates of birth, Social Security numbers, addresses, beginning and end dates of employment and emergency contact information.

Customers who contacted the Postal Service Customer Care Center with an inquiry via telephone or e-mail between Jan. 1 and Aug. 16 were also potentially affected, although USPS is still investigating the exact number of individuals impacted, Partenheimer says. Potentially compromised customer details include names, addresses, telephone numbers and e-mail addresses.

10/14/2014

Staples has confirmed that it's investigating a potential data breach after a report warned that elevated levels of payment card fraud had recently been tied to card numbers used by consumers who shopped at the office supply retailer.

Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement," Staples spokesman Mark Cautela tells Information Security Media Group.

The retailer confirmed the investigation after security blogger Brian Krebs reported that sources at more than six East Coast banks had seen a spike in card-related fraud that seemed to correspond with cards that were used by shoppers at 11 Staples locations across New Jersey, New York City and Pennsylvania.

The fraudulent purchases were reportedly made in non-Staples locations, which suggests that criminals may have used point-of-sale malware to harvest the card numbers, then either created and used fake cards using the stolen data, or else used the data to make fraudulent purchases online.

10/14/2014

Retailer Kmart has confirmed a breach that started in early September involving a "new form" of malware that infected the company's payment card systems.

The breach was detected by Kmart's IT team on Oct. 9, which immediately led to a full investigation with the help of a leading IT security firm, the company says in an Oct. 10 statement. Kmart is owned by Sears Holdings Corp., headquartered in Hoffman Estates, Ill.

Compromised information includes debit and credit card numbers. Based on the forensic investigation to date, no personal information, debit card PINs, e-mail addresses or Social Security numbers were obtained by the hackers. Kmart also says there's no evidence that its kmart.com customers were impacted by the breach. A Kmart spokesperson told Information Security Media Group that the retailer is not at this time disclosing any details about the quantity of payment cards that may have been compromised.

The malware used in the attack was undetectable by current anti-virus systems, the company says.

"This data breach has been contained and the malware has been removed," Alisdair James, Kmart president and chief member officer, says. "I sincerely apologize for any inconvenience this may cause our members and customers."

Customers who shopped with a credit or debit card in Kmart stores during the month of September through Oct. 9 will be offered free credit monitoring protection, the company says.

Kmart says it's working closely with federal law enforcement authorities, its banking partners as well as security experts in its ongoing investigation.

Kmart operates a total of 1,221 stores across 49 states, Guam, Puerto Rico and the U.S. Virgin Islands, as of February 2013, according to the company's website.

Reacting to this latest announcement, Al Pascual of Javelin Strategy and Research is encouraged by Kmart's prompt breach notification.

"It is nice to see that they detected the breach and disclosed it to the public within a month," he says. "And while it is a simple thing, I'm also rather encouraged by the language that was used in the notification specifically around the liability of affected cardholders - in that they have zero liability for fraud as long as they report suspected fraud immediately."

Pascual does offer a cautionary word for consumers: "Kmart's advisement to victims that they closely monitor their accounts is on point, but they are fostering a false sense of security by providing credit monitoring, which is largely ineffective in preventing fraud on existing card accounts."

09/08/2014

The Home Depot, a U.S. national retailer, confirmed today that their payment data systems have been breached. The Home Depot has released the following information so far about this incident: 

  • All customers that used their debit or credit cards at its stores in the U.S. and Canada since April 2014 may be affected.
  • There is no evidence that customers that used their debit or credit cards at its stores in Mexico and online at homedepot.com are affected.
  • There is no evidence that cardholders’ debit PINs were compromised.

We understand that data breach announcements of this nature are frustrating and can prompt many questions such as…was my card data stolen?...is my checking account compromised?...am I liable for unauthorized purchases?

While more specific information about this breach is still needed to determine the impact to our cardholders, we can assure you that we are closely monitoring this situation and will take any action necessary to protect you against fraud.

As your community bank, the protection and security of your accounts is always one of our highest priorities. Here's what we're doing to protect you:

  • As more details become available from The Home Depot and other sources, we will work diligently to identify our cardholders that may be affected by this breach.
  • If necessary, we will deactivate your card and reissue a new one at no charge. We won’t take this action without notifying you in advance so you won’t be caught at an ATM or store without the ability to use your card.
  • We use sophisticated fraud-monitoring software to detect abnormal spending patterns, which could be an indicator of fraud. If the transaction matches certain criteria, we’ll go so far as restricting your card in real-time to prevent future transactions until we can reach you to verify the transaction was authorized by you.
  • Rest assured that even if your debit card information was compromised, your checking account information remains safe. The checking account number linked to your debit card is not encoded on your card and therefore cannot be identified from your card data.
  • All New Tripoli Bank VISA debit cards have Zero Liability Protection. This means you’re not liable for unauthorized transactions that you report to us in a timely manner.

Here’s how you can help us protect against fraud:

  • Always monitor your accounts for transactions you don’t recognize and notify us immediately at 610-395-8834 if you see anything suspicious.
  • If you identify suspicious activity during non-business hours, call 800-264-5578 to have your debit card shut down.
  • As a reminder, we will never ask you to enter or say your card number by email, text, or phone. We may call to validate charges for security purposes, however, you will not be asked for your card number and you should never give it out. 
  • Enroll in Online Banking and setup account alerts to be notified when certain transaction activity occurs.

If you have any questions or concerns, please contact us or visit your local branch. Thank you for the trust you place in us to protect your financial information.