Over 70,000 unencrypted credit card and CCV numbers stolen

[geeteam]

It's apparently been a bad month for security. Adobe had a breach, leaking information about nearly three million accounts. Unfortunately, those reports turned out to be conservative with the actual impact reaching 150 million. Microsoft also had a major IE11 vulnerability that was being actively exploited, but they quickly patched the hole.

Now, according to the Irish Times, the credit card information of over 70,000 people has been stolen from a company called (ironically) Loyaltybuild. Not only were the credit card numbers themselves stolen, but the related CCV numbers were as well. To add insult to injury, the data was sitting on the systems in an unencrypted format, meaning whoever took the data can start using it immediately. In addition to the direct credit card data, roughly 1.5 million people had their personal information stolen -- including names, addresses, phone numbers, and email addresses.

Now it's time for the lawyers to get involved. It sounds like Loyaltybuild was acting as a data processor for other companies such as SuperValu, but we fully expect the companies to fight in the court room as to who is responsible for paying the penalties from the breach. According to the law, fines of up to €3,000 on summary conviction or up to €100,000 on an indictment are possible, although this has never been tested in court.

Original Article