Database Hack Exposes Police Financial Data
Reevesnamepins.com, a company that manufacturers the plastic and metal name tags that police officers around the country wear on their uniforms, had its customer database hacked recently, exposing credit card and other personal data for a number of police departments.
A woman who answered the phone at ReevesNamepins confirmed that the company had recently experienced a security breach, but declined to provide further details and referred inquiries to the company's CEO, who could not be immediately reached for comment.
The discovery was made by investigators at CardCops.com, which monitors online sites and forums for evidence of stolen credit and consumer data. CEO Dan Clements said his company spotted the stolen credit card information while trolling an Internet relay chat (IRC) room dedicated to credit card fraud (I have written about these types of forums in my coverage of phishing scams).
Among information posted into the forum was corporate and personal accounts registered to officers and police departments nationwide, including the New York Police Dept., the Alamosa County (Colo.) Sherrif's Department, and the Idaho State Police, Clements said.
"We called up a few of the police departments and found that Reeves was the common denominator," he said.
Shannon Squires, a purchase card administrator for the Idaho State Police, confirmed that one of the department's MasterCard account numbers was recently compromised and that the department had recently ordered from Reevesnamepins.com.
Interestingly enough, Squires said she received an e-mail from CardCops about the incident but dismissed it as e-mail fraud. "I thought it was spam and forwarded it to Wells Fargo [the department's credit card issuer] and they told me just to delete it."
In my own reporting on phishing and credit card fraud, I've run into similar roadblocks when trying to contact fraud victims for interviews Clements echoed this experience, citing frustration in trying to get the attention of victims who write off the alerts as nothing more than spam.
"We send them e-mail and call them, but what else can we do?"
Posted by: Adam | December 19, 2005 5:50 PM | Report abuse
Posted by: Cop | December 20, 2005 12:46 PM | Report abuse
Posted by: GTexas | December 21, 2005 4:06 PM | Report abuse
Posted by: Colleen | January 10, 2006 12:56 PM | Report abuse
The comments to this entry are closed.