Craft store Michaels may be latest mega-retailer to get hacked

On Saturday, security journalist Brian Krebs reported on what looks to be yet another security breach at a big-name national retailer. This time, the craft store Michaels is in the crosshairs. It seems that fraudulent purchases were made on at least “hundreds” of customer cards after those cards were used at Michaels-owned locations.

While Michaels has not yet confirmed a data breach, it published a press release (PDF) on Saturday saying “The Company is working closely with federal law enforcement and is conducting an investigation with the help of third-party data security experts to establish the facts. Although the investigation is ongoing, based on the information the Company has received and in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers, Michaels believes it is appropriate to let its customers know a potential issue may have occurred.” The US Secret Service has confirmed that it is investigating the matter.

The news of a potential hack follows similar reports, starting in late November, that Target suffered a data breach that exposed the credit card numbers of over 40 million customers and the personal information of over 70 million customers. Earlier this month, luxury retailer Neiman Marcus also admitted that malware on its systems had exposed 1.1 million payment cards to hackers.



FBI: US court websites went down due to “technical problems,” not DDOS

While the rest of us were fretting about the Gmail outage on Friday, lawyers and those involved in the United States judicial system were concerned that and other federal courts’ sites had been hit by a distributed denial-of-service (DDOS) attack.

Also suffering an outage was the “Public Access to Court Electronic Records” (PACER), a common way for lawyers and journalists to access court documents online. (That site, which normally charges $0.10 per page for documents, also has a free online mirror, known as RECAP.)

Initially, a spokesperson for the Administrative Office of the US Courts told Politico on Friday that it was indeed a denial-of-service attack. A group calling itself the “European Cyber Army” initially also claimed responsibility on Twitter.



Microsoft says new phishing attacks targeted law enforcement documents

On Friday, Microsoft admitted that “a select number” of employees fell victim to successfully executed, highly targeted spear phishing attacks via social media and e-mail accounts. The company says the attackers went after “documents associated with law enforcement.”

“While our investigation continues, we have learned that there was unauthorized access to certain employee e-mail accounts, and information contained in those accounts could be disclosed,” Adrienne Hall, general manager of the Trustworthy Computing Group at Microsoft, wrote on Friday.

“It appears that documents associated with law enforcement inquiries were stolen. If we find that customer information related to those requests has been compromised, we will take appropriate action. Out of regard for the privacy of our employees and customers—as well as the sensitivity of law enforcement inquiries—we will not comment on the validity of any stolen e-mails or documents.”
