Network News

X My Profile
View More Activity

Database Hack Exposes Police Financial Data

Reevesnamepins.com, a company that manufacturers the plastic and metal name tags that police officers around the country wear on their uniforms, had its customer database hacked recently, exposing credit card and other personal data for a number of police departments.

A woman who answered the phone at ReevesNamepins confirmed that the company had recently experienced a security breach, but declined to provide further details and referred inquiries to the company's CEO, who could not be immediately reached for comment.

The discovery was made by investigators at CardCops.com, which monitors online sites and forums for evidence of stolen credit and consumer data. CEO Dan Clements said his company spotted the stolen credit card information while trolling an Internet relay chat (IRC) room dedicated to credit card fraud (I have written about these types of forums in my coverage of phishing scams).

Among information posted into the forum was corporate and personal accounts registered to officers and police departments nationwide, including the New York Police Dept., the Alamosa County (Colo.) Sherrif's Department, and the Idaho State Police, Clements said. 

"We called up a few of the police departments and found that Reeves was the common denominator," he said.

Shannon Squires, a purchase card administrator for the Idaho State Police, confirmed that one of the department's MasterCard account numbers was recently compromised and that the department had recently ordered from Reevesnamepins.com.

Interestingly enough, Squires said she received an e-mail from CardCops about the incident but dismissed it as e-mail fraud.  "I thought it was spam and forwarded it to Wells Fargo [the department's credit card issuer] and they told me just to delete it."

In my own reporting on phishing and credit card fraud, I've run into similar roadblocks when trying to contact fraud victims for interviews Clements echoed this experience, citing frustration in trying to get the attention of victims who write off the alerts as nothing more than spam.

"We send them e-mail and call them, but what else can we do?"

By Brian Krebs  |  December 19, 2005; 12:45 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: 'Dasher' No Reindeer Game
Next: Guidance Software's Customer Database Compromised

Comments

That's a great story, Brian!

Do you have any idea how many people were affected? Enquiring databases want to know!

Posted by: Adam | December 19, 2005 5:50 PM | Report abuse

How do you spell Sheriff?

Posted by: Cop | December 20, 2005 12:46 PM | Report abuse

"Quis Custodiet Ipsos Custodes?" is an old question -- Who will watch the watchers ? -- but this case brings up a more interesting question as far as the crime of Identity Theft is concerned ...

How do "the watchers" prove *their* identity? Masking publically available identifying information (addresses, home phone numbers etc.) is routine procedure for Police.

Posted by: GTexas | December 21, 2005 4:06 PM | Report abuse

That Ambro thing was a PITCH for you to buy their insurance on their credit! They then sent me a letter stating that the info was found later in a warehouse and the security was not breached but wouldn't it be better if I had their insurance on my credit.......
Is that legal? It certainly isn't ethical.

Posted by: Colleen | January 10, 2006 12:56 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company