Customer Data

Barnes & Noble, the country's largest bookseller, said data thieves hacked into payment devices and may have stolen customer credit and debit card information at 63 of its stores nationwide, including 20 in California. Hackers planted bugs in a single card reader at each of the stores, the company said. Customers swipe their payment cards through the machines and, if using a debit card, enter their personal identification number. Those PINs may be at risk, along with other account information, potentially giving thieves access to customers' private accounts.

A wave of bank cyber attacks has resumed, with many JPMorgan Chase & Co. customers unable to access their Internet banking accounts. Chase's online systems, under attack all day Tuesday, were still not completely operational by evening. “We're working to get things back to full speed,” bank spokesman Michael Fusco said. No customer data had been compromised, and the bank's mobile, telephone and ATM networks were functioning properly, he said. Fact check: Is China involved in cyber attacks?

TJX Cos., operator of T.J. Maxx and Marshalls discount stores, said its computer systems were hacked in mid-December and customer data had been stolen. TJX said the extent of the intrusion was not yet known. It said the break-in was kept confidential upon the request of law enforcement officials.

More than 30 journalists and executives at western news organizations in China, including the New York Times, have had their computers hacked, according to Mandiant, a security firm that monitors such attacks. Over the last four months, the hackers managed to infiltrate the Times' computers, the newspaper reported Thursday. In a lengthy piece, the newspaper said the hackers had penetrated its computers and obtained passwords for reporters and other employees. The hackers have been blocked and security tightened to prevent another attack, which followed an investigation by the paper into finances of relatives of Wen Jiabao, China's premier.

Customer data stolen by computer hackers from TJX Cos. has been used to make fraudulent debit card and credit card purchases in the U.S. and overseas, the Massachusetts Bankers Assn. said. The fraudulent purchases have been made in Florida, Georgia and Louisiana, and overseas in Hong Kong and Sweden, the association said. Last week, TJX said hackers had broken into a system that handles credit and debit card transactions as well as checks and merchandise returns.

Marriott International Inc. said its time-share unit lost backup computer tapes containing data on 206,000 employees, time-share owners and customers. Marriott said its Vacation Club International unit was investigating how the tapes disappeared from its Orlando, Fla., corporate office. Marriott said it mailed notification letters to customers and employees.

Hotels.com, a unit of Internet travel agency Expedia Inc., said addresses and credit card information for about 243,000 of its customers were on a laptop computer stolen from the car of an employee at auditing firm Ernst & Young. The laptop was a random theft, and none of the information seems to have been accessed, Hotels.com spokesman Paul Kranhold said.

Ameriprise Financial Inc., the former brokerage unit of American Express Co., said a company laptop computer that contained information on about 158,000 customers had been stolen. There haven't been any reports of misuse of the lost data, Minneapolis-based Ameriprise said Wednesday. The laptop was stolen from a locked car that belonged to an employee, and the incident was a "random criminal act," Ameriprise said.

A top federal regulator warned the banking industry on Monday that it could face new government restrictions if it doesn't curb the sale of customers' personal financial data to telemarketers. "The persistent failure of the industry itself to address abusive conduct creates a fertile seedbed for legislation," John D. Hawke Jr., comptroller of the currency, said in an unusually forthright speech to bank lending officers in San Francisco.

Several of California's largest banks confirmed Wednesday that they sell or release private information about their customers to third-party marketing companies. Bank of America, Wells Fargo and Union Bank--which together control about 60% of the California market--each said they have shared personal or financial information about their customers through agreements with outside vendors or telemarketers. On Wednesday, state regulators in Minnesota sued Minneapolis-based U.S.

Papa John's Pizza is facing a $250-million lawsuit from customers who claim that the fast-food chain illegally sent them 500,000 promotional text messages in 2010. The lawsuit was granted class-action status by a U.S. District Court judge in Seattle late last week, according to a statement from the Heyrich Kalish McGuigan law firm. Participants are seeking $500 for each unwanted text, which they say Papa John's sent without their permission. The complaint alleges that some of the chain's franchisees used the marketing company OnTime4U to send a flood of messages about pizza deals to a database of customers who had previously ordered from Papa John's.

Barnes & Noble, the country's largest bookseller, said data thieves hacked into payment devices and may have stolen customer credit and debit card information at 63 of its stores nationwide, including 20 in California. Hackers planted bugs in a single card reader at each of the stores, the company said. Customers swipe their payment cards through the machines and, if using a debit card, enter their personal identification number. Those PINs may be at risk, along with other account information, potentially giving thieves access to customers' private accounts.

GoDaddy said hackers were not responsible for millions of websites it hosts going offline Monday. The Arizona-based company, which has registered more than 53 million Internet domains and hosts more than 5 million websites, said the issues were caused by internal problems. "The service outage was not caused by external influences. It was not a "hack" and it was not a denial of service attack (DDoS)," the company's interim chief executive, Scott Wagner, said in an email statement Tuesday morning.

Seven months after dropping a movie project based on the board game "Ouija" over concerns about its proposed budget of about $150 million, Universal Pictures is again planning to make the picture — but at a much reduced cost. The studio on Monday announced it was going to target the film for release in 2013 but did not say when it planned to begin production. People familiar with the matter but not authorized to speak publicly said the new "Ouija," which will be produced by Jason Blum ("Paranormal Activity")

Will Ticketmaster be outpunched by its former chief executive? Fred Rosen, who is credited as the primary architect of Ticketmaster's dominance in the ticketing business, this weekend will begin rolling out a new service to rival his old company. And he's starting by taking away Ticketmaster's biggest customer — AEG, a Los Angeles entertainment company owned by billionaire Philip Anschutz that promotes thousands of concerts a year and operates more than 130 venues around the world, including Staples Center and L.A. Live.

West Hills resident Victoria Afonina works as a computer programmer for a major supermarket chain, so she knows probably better than most people how vulnerable her personal information is once it gets out into the open. She routinely tells banks and other financial-service providers that they can't share her information with other companies. So it came as something of a shock when a letter arrived from Chase bank the other day informing Afonina that her name, address and account numbers were among confidential customer data that had been shared with another business.

AT&T Inc. said it had settled with 13 data brokers it accused of fraudulently obtaining customer phone records after the brokers agreed to an undisclosed cash settlement and not to seek customer data in the future. The agreements, the result of lawsuits filed in San Antonio and San Francisco, were all reached within the last month, an AT&T spokesman said. Two other settlements are expected to be entered in the next few days.

Buy.com Inc., a leading online retailer, said that a security breach in its merchandise return system may have exposed thousands of customers' names, phone numbers and addresses over the Internet. The Aliso Viejo company said no credit card information or other sensitive personal data were compromised. The firm, an online superstore with 3 million customers, said it sealed the security hole within three hours of learning about the problem Thursday afternoon. It was the first time that Buy.

Marc Maiffret used to be a computer hacker. Now he gets paid to break into the systems of Southern California businesses, testing for security weaknesses. His client today is a major Los Angeles auto dealer, which sells fancy luxury cars to celebrities and corporate execs. The head of the company wants to check on the safety of his customer data. It's not an idle worry. Just days earlier, a 28-year-old Miami man was charged by federal authorities with hacking into multiple computer systems and stealing 130 million credit and debit card numbers -- the largest computer crime ever prosecuted.

Five Southern California home lenders improperly tapped into the personal financial information of some customers seeking loans through LendingTree Inc., according to a lawsuit filed this week by the Internet mortgage broker. The suit, filed Monday in Orange County Superior Court, alleges that two former executives of LendingTree, which matches prospective home buyers with lenders, swiped customer passwords and gave the lenders unauthorized access to consumer information.