From: InfoSec News (alertsinfosecnews.org)
Date: Wed Jan 07 2009 - 00:09:46 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9125078

By Robert McMillan
January 6, 2009
IDG News Service

CheckFree and some of the banks that use its electronic bill payment
service are notifying more than 5 million customers after criminals took
control of several of the company's Internet domains and redirected
customer traffic to a malicious Web site hosted in the Ukraine.

The Dec. 2 attack was widely publicized shortly after it occurred, but
in a notice filed with the New Hampshire Attorney General, CheckFree
disclosed that it was warning many more customers than previously
thought.

hat's because CheckFree is not only notifying users of its own
CheckFree.com Web site of the breach, it is also working with banks to
contact people who tried to pay bills from banks that use the CheckFree
bill payment service.

"The 5 million people who were notified about the CheckFree redirection
were a combination of two groups," said Melanie Tolley, vice president
of communications with CheckFree's parent company, Fiserv, in an
prepared statement. "1.) those who we were able to identify who had
attempted to pay bills from our client's bill pay sites and minus those
who actually completed sessions on our site; and 2.) anyone enrolled in
mycheckfree.com."

[...]

_______________________________________________
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]