Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Hackers Tap Western Union

Breach of customer database threatens personal info of about 20,000 customers

Western Union is notifying some 20,000 customers of a database breach that may have compromised their personal information, according to a report published earlier today.

The thieves got names, addresses, phone numbers, and complete credit-card information by breaching a Western Union database sometime in late May, according to a July 6 letter sent to customers by James Keese, Western Union's privacy officer.

The company did not provide details on how the breach occurred, but company spokeswoman Sherry Johnson told reporters that the database was "offline" and could not have been accessed via the Western Union Website.

"We are not aware of any ID theft or any kind of fraudulent use that was made from this information," Johnson said. The FBI is investigating the incident.

The authors of the report asked customers at a New York Western Union office about the letter, but none of the individuals they interviewed had heard about the incident. No notices about the incident were posted in the office, according to the report.

Western Union has suffered security breaches before. Last August, the company notified customers of its Equity Accelerator service that their data might have been compromised through a burglary at Paymap Inc., a Western Union contractor. In September 2005, thieves made off with disks containing personal data on Equity Accelerator customers from 1999 to 2002, according to a letter from Michael Mulligan, vice president of operations at Paymap.

And way back in September of 2000, Western Union was forced to shut down its Website for five days after a security breach allowed hackers to steal the credit or debit card numbers of more than 15,000 customers.

Requests for details on the breach have not been answered at this posting.

— Tim Wilson, Site Editor, Dark Reading

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11529
PUBLISHED: 2020-04-04
Common/Grav.php in Grav before 1.6.23 has an Open Redirect.
CVE-2020-11527
PUBLISHED: 2020-04-04
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
CVE-2020-11528
PUBLISHED: 2020-04-04
bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file.
CVE-2020-11518
PUBLISHED: 2020-04-04
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
CVE-2020-5347
PUBLISHED: 2020-04-04
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.