What Information Was Stolen
and How?"> According to multiple sources, thieves may have made off with PIN blocks, or groups of encrypted debit card PIN information, as well as a key to decrypt the information. That information is being used to format "white cards," or blank magnetic stripe credit cards, according Fossa and Wolfeasazder.Law enforcement does not know if the PIN information was stolen from OfficeMax or a partner company, or whether it was taken in an electronic hack or leaked by an insider. At least one source familiar with the investigation, who asked to remain anonymous because of the ongoing investigation, named OfficeMax as the source of the PIN block information. However, OfficeMax, based in Itasca, Ill., maintains that its network has not been compromised, according to Bill Bonner, the companys spokesperson. "We have no knowledge of a security breach at OfficeMax," he said. Criminals have turned to debit card accounts because they are less well-protected by anti-fraud technology than traditional credit card accounts, said Mike Urban, director of fraud technology operations at FairIsaac, a Minneapolis, Minn., company that monitors ATM and banking fraud. FairIsaac is monitoring a number of ATM fraud incidents around the country and notifies card issuers when it identifies fraudulent activity on an account, Urban said. "We are seeing a significant increase in stolen PIN cards," he said. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
For the card accounts stolen from Leominster and Fitchburgh credit union customers, the stolen information appears to be tested in California first, then used for fraudulent transactions all over the world, Detective Wolfeasazder said.