"The disclosures, by
Dun & Bradstreet Corp, Altegrity Inc's
Kroll Background America Inc and Reed Elsevier's
LexisNexis Inc, came after website KrebsOnSecurity first reported the breaches.
The site said the attacks were masterminded by a cybercrime ring that sold stolen data such as credit reports through the website ssndob.ms, or SSNDOB. (
http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/)
The ring offered social security numbers, birthdays and other personal data of U.S. residents for between 50 cents and $2.50 per record, KrebsOnSecurity reported. Credit reports and background checks cost between $5 and $15, the cybersecurity site reported after a seven-month investigation into SSNDOB.
KrebsOnSecurity said the group placed malicious software on servers at LexisNexis as early as
April 2013, suggesting that the attackers had access to its internal networks for at least five months.
SSNDOB administrators operated a small botnet, or group of infected computers remotely controlled by hackers, that was in direct communication with computers inside several large U.S. data brokers, the KrebsOnSecurity report said.
Five hacked servers were identified by examining the web interface used to control the botnet. Two of them were inside LexisNexis, two at D&B, and one at Kroll Background America."
http://news.yahoo.com/data-brokers-d-b-lexisnexis-altegrity-report-cyber-020617370--sector.html
http://slickdeals.net/f/6018544-rakuten-buy-com-customers-getting-fraudulent-credit-card-charges Rakuten (victims, or lax security standards on their own systems?)
