Major US carrier stored credit card info in the clear, employee learned on first day
It happened at a major US telco in the early 2000s
Credit card security concerns theft, fraud, payment-data breaches, and safeguards that protect account details during transactions.
Search across headline titles and summaries.
Background for this topic.
Credit card data includes the card number, expiration date, CVV code, and cardholder information used to authorize payments. This data is highly sensitive because it directly enables financial transactions and access to funds. Protecting credit card data involves securing it during storage, transmission, and processing to prevent unauthorized use or theft.
Information security concerns focus on risks such as data interception during online payments, malware targeting point-of-sale systems, and unauthorized access to stored card data. Effective defenses include strong encryption, tokenization to replace card details with non-sensitive identifiers, and strict adherence to Payment Card Industry Data Security Standards (PCI DSS). These measures reduce the risk of fraud and financial loss by limiting exposure of actual card data to attackers.
Weekly headline count for the current query.
It happened at a major US telco in the early 2000s
In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. [...]
A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...]
A third-party UK visa site exposed passports and selfies on a public AWS server. It’s not official GOV.UK and affected at least 100,000 documents. UK Visa Portal is not run by the British government. It’s a third-party service, apparently operated by a UAE-registered company called Active Leadgen LLC, that charges fees to help people apply […]
Fraudsters Tokenize Stolen Cards Into Attacker WalletsGoogle Threat Intelligence Group warned that Chinese-language phishing-as-a-service platforms are using AI, encrypted messaging and real-time OTP interception to bypass multifactor authentication and provision stolen payment cards into attacker-controlled digital wallets worldwide.
In cybercrime markets, trust isn't assumed, it's verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability. [...]
A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. [...]
Visa CISO Subra Kumaraswamy on Securing Agents, Fighting Fraud, Protecting CommerceAI is transforming trust in global payments as attackers scale faster and agents automate decisions. CISO Subra Kumaraswamy explains how Visa uses AI to combat fraud, secure transactions and build trust across consumers, merchants and a rapidly evolving digital ecosystem.
Tracking pixels let social media companies spy on their users even after they click over to advertiser sites, gleaning credit card info, geolocations, and more, according to an analysis.
A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info.
Visa applications down, executives emigrating, and AI blamed for the rest The number of international workers applying for a visa to work in the UK's tech sector dropped 11 percent between Q2 and Q3 2025, and was down 6 percent year-on-year, according to consultancy RSM UK.…
Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. [...]
Skills marketplace is full of stuff - like API keys and credit card numbers - that crims will find tasty Another day, another vulnerability (or two, or 200) in the security nightmare that is OpenClaw.…
Digital Skimming Attacks Spoof Stripe Payment Forms to Steal Payment Card DataMagecart-style digital skimming attacks targeting payment card data continue, with researchers detailing an active campaign targeting the popular WooCommerce platform and Stripe. Separately, widely used ConnectPOS exposing its code repository for years, posing a supply-chain risk for customers.
Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay
Jacob Riggs is set to swap London for Sydney some time in the next year A British security researcher has secured Australia's strictest, invite-only visa after discovering a critical vulnerability in a government system.…
Boards are becoming increasingly focused on understanding the mechanics and implications of agentic artificial intelligence, but traditional governance processes aren't built for the speed and complexity of today's AI-driven innovation cycles, said Joanne Stonier, former chief data and AI officer at Mastercard.
Telegram-Based Market Is Exploiting Gaps in US Tracking of Departed Visa HoldersA Russian darknet marketplace is exploiting a major blind spot for U.S. financial institutions by trafficking in the identities of former legal immigrants. Telegram-based group Karma Fullz has built a profitable criminal enterprise with highly convincing synthetic identities.
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points.
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. [...]