Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

Credit to Author: BrianKrebs| Date: Thu, 18 May 2017 20:23:13 +0000

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation’s largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were able to reset the 4-digit PIN given to customer employees as a password and then steal W-2 tax data after successfully answering personal questions about those employees. In a boilerplate text sent to several affected customers, Equifax said the unauthorized access to customers’ employee tax records happened between April 17, 2016 and March 29, 2017. Beyond that, the extent of the fraud perpetrated with the help of hacked TALX accounts is unclear, and Equifax refused requests to say how many consumers or payroll service customers may have been impacted by the authentication weaknesses.

Read more

Payments Giant Verifone Investigating Breach

Credit to Author: BrianKrebs| Date: Tue, 07 Mar 2017 18:02:30 +0000

Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its corporate computer networks that could impact companies running its point-of-sale solutions, according to multiple sources. Verifone says the extent of the breach was “limited” and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations. On Jan. 23, 2017, Verifone sent an “urgent” email to all company staff and contractors, telling them that they had 24 hours to change all company passwords.

Read more

The FTC’s Internet of Things (IoT) Challenge


One of the biggest cybersecurity stories of 2016 was the surge in online attacks caused by poorly-secured “Internet of Things” (IoT) devices such as Internet routers, security cameras, digital video recorders (DVRs) and smart appliances. Many readers here have commented with ideas about how to counter vulnerabilities caused by out-of-date software in IoT devices, so why not pitch your idea for money? Who knows, you could win up to $25,000 in a new contest put on by the U.S. Federal Trade Commission (FTC).

Read more