[NSRCA-discussion] FMA Database Compromised

Matthew Frederick mjfrederick at cox.net
Wed Nov 19 19:23:07 AKST 2008


You'd be amazed what information someone with the proper connections can get their hands on. Usually the name on the card and the billing zip code are required to process a credit card transaction, and they're probably stored together. If I have someone's name and know where they live, I can get an address, phone number, SSN, names of neighbors, relatives, where they work, all kinds of fun stuff. Then again, I work for the government, I guess that's kinda cheating. Then again, these types of people don't really let illegal searches stop them either.

Matt
  ----- Original Message ----- 
  From: Chris Moon 
  To: General pattern discussion 
  Sent: Wednesday, November 19, 2008 8:32 PM
  Subject: Re: [NSRCA-discussion] FMA Database Compromised


  Guys:
  I kind of doubt it was simply a breach of their external credit card processor, and here's why.  On Monday, I received a small print order (less than $6) from an online printing company.  The small box had my name and address correctly on it and it was from a company that had 3 of the fraudulent charges on my credit card.  I did not order this stuff of course, but the thieves clearly had not only my valid credit card number and expiration date as a processing company might have, but had my correct name and address to go with it.  One of the online forums had a posting from a guy who said they had enough info on him to get this bank to release the pin# for his card to THEM and subsequently took out $400 in cash advances.  So unless the credit card processors need the name and address data too in order to process the charges (I know for a fact they did not need this data years ago), I think it was the FMA internal server that was hacked, or an inside job from an employee or ex-employee - which I think is most likely.  

  Chris

  Pete Cosky wrote: 
    That's the truth. A lock only keeps an honest man honest.

    From what I gathered it wasn't FMA that was compromised, it was their payment processor, which begs the question how many other businesses are impacted by this breach.
      ----- Original Message ----- 
      From: Archie Stafford 
      To: 'General pattern discussion' 
      Sent: Wednesday, November 19, 2008 7:29 PM
      Subject: Re: [NSRCA-discussion] FMA Database Compromised


      Matt,



      The security symbol would not have helped here.  I'm sure FMA has a fairly secure site.  Their database was what was compromised.  Technology improves daily for this type of fraud.but so do the people doing it.  



      Arch






--------------------------------------------------------------------------

      From: nsrca-discussion-bounces at lists.nsrca.org [mailto:nsrca-discussion-bounces at lists.nsrca.org] On Behalf Of MATT LIPRIE
      Sent: Thursday, November 20, 2008 4:53 AM
      To: mups1953 at yahoo.com; General pattern discussion
      Subject: Re: [NSRCA-discussion] FMA Database Compromised



      That is why I am so leary of using a credit card somewhere like that.   Plus I do always check if the website has a little security symbol on the bottom of the page.



      Matthew L.

        ----- Original Message ----- 

        From: mike mueller 

        To: General pattern discussion 

        Sent: Wednesday, November 19, 2008 7:52 AM

        Subject: Re: [NSRCA-discussion] FMA Database Compromised



               Bingo, that explains it. Good catch!

              --- On Tue, 11/18/08, MKMSG <mkmsg at cox.net> wrote:

              From: MKMSG <mkmsg at cox.net>
              Subject: [NSRCA-discussion] FMA Database Compromised
              To: "NSRCA Discussion List" <nsrca-discussion at lists.nsrca.org>
              Date: Tuesday, November 18, 2008, 11:14 PM

              If any of you have recently bought products on line from FMA Direct using a credit card, check your credit card account.  FMA's database has been compromised/hacked and whoever has the information is making charges against the credit cards.  I read this in the electric forum on Ezonemag.com.    Sure enough, when I brought up my VISA account, there was a NAPSTER charge there so I cancelled the card.  You might want to check yours if you've done business on line with FMA recently.



              Mike



_______________________________________________NSRCA-discussion mailing listNSRCA-discussion at lists.nsrca.orghttp://lists.nsrca.org/mailman/listinfo/nsrca-discussion 




------------------------------------------------------------------------

        _______________________________________________
        NSRCA-discussion mailing list
        NSRCA-discussion at lists.nsrca.org
        http://lists.nsrca.org/mailman/listinfo/nsrca-discussion 


------------------------------------------------------------------------


        No virus found in this incoming message.
        Checked by AVG - http://www.avg.com 
        Version: 8.0.175 / Virus Database: 270.9.7/1799 - Release Date: 11/19/2008 8:58 AM



--------------------------------------------------------------------------
      _______________________________________________
      NSRCA-discussion mailing list
      NSRCA-discussion at lists.nsrca.org
      http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
----------------------------------------------------------------------------
_______________________________________________
NSRCA-discussion mailing list
NSRCA-discussion at lists.nsrca.org
http://lists.nsrca.org/mailman/listinfo/nsrca-discussion

------------------------------------------------------------------------------


  _______________________________________________
  NSRCA-discussion mailing list
  NSRCA-discussion at lists.nsrca.org
  http://lists.nsrca.org/mailman/listinfo/nsrca-discussion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nsrca.org/pipermail/nsrca-discussion/attachments/20081120/9a12f92c/attachment.html>


More information about the NSRCA-discussion mailing list