At a glance.
- Costco discloses card-skimmer incident.
- Contract lawyers and workplace surveillance.
- Cyprus fines WiSpear for surveillance van case.
Costco discloses card skimmer breach.
After shoppers complained (on Twitter and Reddit) of fraudulent credit card charges, Forbes reports that Costco discovered a credit card skimmer in one of its Canadian stores. Fox Business adds that skimmers were found at four additional stores in the state of Illinois.
Bleeping Computer reports that Costco, the fifth-largest retailer in the world, sent a notice to impacted customers explaining, “If unauthorized parties were able to remove information from the device before it was discovered, they may have acquired the magnetic stripe of your payment card, including your name, card number, card expiration date, and CVV.”
Armen Najarian, chief identity officer at Outseer, told ZDNet that staffing shortages and increased shopping make the holiday season prime time for such incidents: “All of this, unfortunately, will be amplified this year as pandemic-induced labor shortages reach unprecedented levels. If retailers want to keep their customers safe and happy this holiday season, they need to prioritize payment authentication software for in-store and online transactions alike.”
Randy Watkins, Chief Technology Officer at CRITICALSTART, comments on the typical scope of card-skimming incidents:
“These types of physical data theft [are] typically very isolated. Card skimming devices are used on everything from gas pumps to ATMs, and are typically isolated, only posing a threat to patrons of the breached device. The data that the attacker can obtain from the magnetic strip on a card actually depends on the card itself. While things like the credit card number, full name, expiration, and country code is universal, other cards can contain additional information like billing address or rewards account numbers. Consumers should make a habit of checking card slots for any foreign devices (internal or external) before swiping their card.”
Contract lawyers face surveillance.
The Washington Post examines the rising use of facial recognition systems by law firms seeking to keep a watchful eye on contract lawyers working from home. The software is intended to reduce fraud and safeguard the sensitive documents these lawyers handle on a daily basis. However, these as-needed hires already feel they’re seen as commodities, often working at reduced hourly rates without benefits and with little job security, and for many the controversial surveillance adds insult to injury. Workers complain that the software showed troubling inconsistencies, notably misidentifying workers of color or unnecessarily red-flagging activities as innocuous as shifting in a chair or holding a coffee mug. “The irony in this situation is that it’s attorneys, who traditionally advocate for employee rights or justice when they’re made aware of intrusions like these,” said Amy Aykut, a contract attorney in the D.C. area.
Cyprus fines WiSpear for surveillance van case.
A two-year-old scandal known as the “spy van” case has resulted in intelligence company WiSpear paying the Office of the Commissioner for Personal Data Protection in Cyprus a fine of nearly $1 million under the European Union’s General Data Protection Regulation (GDPR). Bleeping Computer recounts that the 2019 case involved a van stationed at Larnaca airport in Cyprus equipped with millions of dollars’ worth of surveillance tech. Capable of breaking into Android smartphones and intercepting messages from apps like WhatsApp and Signal, the tech was used to collect the Media Access Control (MAC) address and International Mobile Subscriber Identity (IMSI) of multiple devices, according to Irene Nicolaidou, Cyprus’s Commissioner for the Protection of Personal Data.
WiSpear, however, insisted the van was merely installing a WiFi system for the airport with permission from operator Hermes Airports. In addition to seizing the van, Cyprus law enforcement arrested three WiSpear employees on thirteen charges, including violation of privacy law and processing private data, but the suspects were later released. Reports note that Tal Dilian, the owner of the van and CEO of WiSpear, previously founded Circles, a surveillance company that merged with NSO Group, maker of the controversial spyware at the center of the Pegasus scandal.