What's called the largest case of cybertheft yet has been revealed: a hacker taking information on over 485,000 credit cards from an e-commerce Website and storing the information on a U.S. government Website, according to MSNBC. What's more, as of this report many of the compromised accounts stay open because banks didn't close them or notify the customers of the hack.
The hack happened in January 1999, but few details had been made public, if any, MSNBC says, until Visa USA outlined the breadth of the crime in a late December letter to member financial institutions. The letter cites federal authorities saying the credit information included expiration dates, cardholder names and addresses, and was stolen from a Net retail site. The data included Visa, MasterCard, American Express, and Discover information, and was found on an unspecified government computer system during an audit just before March 1999, according to the letter.
However, MSNBC reports the government hasn't yet found any evidence the data was used to commit fraud, and some of the accounts turned up inactive. The thief hasn't been identified, but MSNBC says federal investigators have tracked the hacker to Eastern Europe, with an investigation continuing and bringing in diplomatic contacts with the unnamed country. Nor is the government yet naming the e-commerce site which was hit for the theft, or a possible motive for the hack.
MSNBC says it got the Visa letter from a worker at the Navy Federal Credit Union in Merrifield, VA - the world's largest. The network says the worker told them the aim of the letter was highlighting how some financial institutions fail to protect consumers when evidence turns up that their credit card information had been stolen. The credit union, the worker told MSNBC, did nothing other than order a spot check of up to 100 accounts and decided no further action was needed.
This worker also told the network fraudulent charges appeared on some of the compromised accounts, but it's impossible to link the fraud to the hack "definitively."
Visa wouldn't tell MSNBC why it waited until December to tell its members about the theft, MSNBC says, while American Express and MasterCard have declined comment and Discover told the network its fraud investigators weren't even aware of such a case.
