TKC Credit Card Numbers Found on Hacker Site
Credit card information of 35 King’s students and alumni (from August 2009) have been found on a notorious "carding" site. Almost 40,000 hackers currently have access to full credit card numbers, locations, names and even CCV numbers (used to further authenticate credit cards). Legal authorities are now working to have the website remove the sensitive information. The College has contacted the 35 affected individuals. Their payment information regards King’s housing deposits, gym memberships and enrollment deposits.
"We deeply regret that 35 people had their personal information compromised," Chief Administration Officer Duanne Moeller said. "We've taken all responsible steps to dramatically decrease the likelihood of such episodes, and we're working with authorities to pursue the thieves."
A student found the site by Googling their phone number and contacted administration. The Lewis Review published an article about the student's surprising discovery Tuesday, Sept. 13th.
Since 2009, the IT department has upgraded security to better protect against hacking. The TKC online payment system undergoes security audits four times a year and is certified by Security Metrics as PCI compliant – an industry standard.
The "carding" site (not named for security purposes) functions as an international database and forum for stolen credit card numbers. For those unfamiliar with the “carding” business, it is one of the stealthiest forms of identity and credit card theft today. Generally, credit card information is stolen when hackers are able to break into websites where the information has been stored. Due to the nature of the site which released the information, it was likely obtained in this manner.
The site where the King’s numbers were found has been involved in a number of prominent cases of fraud and carding, including that of Vladislav Anatolievich Horohorin, a top international seller of card data until his arrest in 2009. The Secret Service shut down other sites of Horohorin’s back in 2004, but many of the networks to which he sold information still exist. They have been classified as some of the most sophisticated sites in the online world, and the government has had difficulty shutting them down.
"The King's College will never ask for your credit card information, any type of pass code, or social security number through email," a TKC press release dated Sept. 15th reads. "If you receive any mail or email from The King's College that seems suspicious, please contact us to verify that it came from us and do not respond to it until you receive such verification."