GameStop, Scottrade suffer data breaches

A duo of recent data breaches — one hitting a stock trading brokerage and another a videogame retailer — shows that more gains are needed to protect customer data, even with all of the progress made over the last 10 years.

According to a story by colleague Steve Ragan, Scottrade Bank (a subsidiary of Scottrade Financial Services Inc.) recently secured an MSSQL database that exposed the sensitive information of about 20,000 customers. The database flaw was uncovered by Chris Vickery, a researcher at MacKeeper. (You can find the Scottrade statement on the database breach here.)

This isn’t the first time a Scottrade Financial Services Inc. subsidiary has suffered a serious exposure of customer data. As Ragan reported in 2015, Scottrade Inc. had to inform 4.6 million customers that they were part of a data breach revealing personal information. As in the recent event, the company didn’t identify the 2015 breach on its own; it was informed by the FBI.

In a separate incident last week, this one announced Friday, multichannel video game, consumer electronics and wireless services retailer GameStop said it was investigating a potential breach of credit card and other customer data from its website. The company learned of the breach from KrebsOnSecurity.

“GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website,” a company spokesman wrote in response to KrebsOnSecurity. “That day a leading security firm was engaged to investigate these claims. GameStop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.”

Later, GameStop released the following statement on its website:

At GameStop, the security of our customers’ payment card data remains a top priority. GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. That day a leading security firm was engaged to investigate these claims. GameStop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.

We regret any concern this situation may cause for our customers. GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.

One would think, nearly 22 years after the founding of Amazon.com and eBay, that retailers and financial services companies would have mastered the ability to protect customer data online. Yet since 2005, when Privacy Rights Clearinghouse started keeping track, there have been 910,587,535 records breached in 5,397 incidents.

Obviously, more needs to be done to keep that number from growing.
