Home page logo

dataloss logo Data Loss mailing list archives

Hackers set up accounts in names of local railroad workers
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Wed, 27 Mar 2013 10:05:19 -0400


Hackers stole the identity of 18 local people -- at least 17 of them
current or past BNSF workers -- and used their personal information to
bilk an online company out of more than $11,000.

Twelve Lincoln residents and six more who live in Lancaster County got
bills from PayPal for hundreds of dollars even though they had not
opened accounts with the global commerce company that operates out of
La Vista, according to Lincoln Police Department and Lancaster County
Sheriff’s Office records.

The thieves used the names, Social Security numbers and date-of-birth
information to open lines of credit with PayPal, then went on an
online spending spree and shut down the accounts the same day, Sheriff
Terry Wagner said.

The thieves usually hit their marks for several hundred dollars at a
time, buying video games including "Call of Duty" and shipping them to
storage units in South El Monte, Calif.

Nearly all of the victims work or worked for BNSF Railway Co.

The thefts started in Lancaster County in June, according to sheriff's
reports. Three months later, the hackers hit two more marks for a
total of $397. Both of those reports mention a BNSF data breach, a
month after company representatives told the Bismarck Tribune
newspaper that company techs scoured its digital infrastructure and
turned up no evidence hackers made off with sensitive information.

BNSF spokesman Andy Williams acknowledged Tuesday that "some" BNSF
employees have fallen victim to identity thieves, but declined to say
how many lived in Lincoln, Nebraska or elsewhere. The company employs
nearly 40,000 people, according to its website.

BNSF investigators combing the company's technology systems still have
found no evidence hackers penetrated its defenses, he said in an email

"We do not know how this information was obtained," he added.

As BNSF investigators work with law enforcement to find out what's
going on, the company is paying to monitor the victims' credit,
Williams said.

The railroad giant traced the hackers' IP addresses to China, Wagner
said, and if the goods headed offshore, it will hog-tie efforts to get
them back.

"Any hopes of recovery are zilch unless some federal agency gets
involved," Wagner said.

PayPal covered the purchases charged in several of the victims' names,
but it's unclear whether officials with the company ate the loss in
all the frauds. Representatives didn't respond to requests for comment
and information Tuesday.

Ray Poole won't have to pay $800 for video games he never bought. On
March 12, someone opened an account using the 58-year-old Lincoln
man's date of birth and Social Security number, and then racked up a
bill of $796.55 for 16 purchases, mostly for video games.

Poole works as a BNSF machinist and has been with the company for 37
years. His wife, Barb Poole, said she's heard rumblings about these
frauds affecting other employees and a possible data breach. Still,
higher-ups at the company are mum.

"Nobody is admitting to anything, of course," she said.

The Pooles didn't know about the fraud until Friday, when they got a
bill from PayPal. On Monday, they got a letter dated March 20 from the
company alerting them of "suspicious activity" on the account.

"It was long after I already submitted the stuff to the sheriff's
department," Barb Poole said.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list


Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

  By Date           By Thread  

Current thread:
  • Hackers set up accounts in names of local railroad workers Erica Absetz (Mar 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]