WNCT.com reports that the Lenoir County Sheriff’s Office in North Carolina has arrested and charged two former employees of Wilco-Hess convenience stores for credit card and identity theft.

A local man alerted the authorities when he discovered his bank card missing from his wallet. He contacted his bank and learned that the card had indeed been used at the Wilco Hess store. The police later confirmed the fraud suspects in these incidents were two female store employees. They were arrested and held under a $15,000.00 secured bond. Both women were charged with three counts of identity theft, three counts of obtaining property by false pretenses, and one count of financial card theft.

According to Wall Street and Technology, the U.S. financial industry was the industry by far most targeted by phishing attacks around the world in 2008. A new report by security company RSA said that these financial institutions accounted for a massive 68% of all phishing attacks against the world’s financial institutions.

While the U.S led by a huge margin in terms of the number of attacked brands during 2008, the UK led in terms of total volume of attacks. This is a result of several massive surges of attacks against a small number of the country’s financial institutions during 2008, according to RSA.

According to Tampa Bay Online, the Postal Inspection Service (PIS) caught a postal worker stealing mail after 60 customers on her mail route complained of stolen and opened mail.

Amanda Turner failed a “test” set up by the PIS, in which investigators sent out a mailing that included an envelope with a Target gift card. Turner took the bait, and stole the gift card. She confessed to stealing the Target gift card and other gift cards, and was sentenced to three years of probation on a charge of theft of mail by a postal employee.

According to DigitalTrends.com, the Department of Justice has been sending phishing e-mails to its own employees to test their security awareness.

Employees were sent emails from the “Thrift Savings Plan Account Coordinator,” asking them to provide their login details by January 31st for information about their 401k plans.

However, it backfired as employees realized they were phishing mails and began sending warnings. Finally, the DOJ admitted they were behind the hoax.

A memo from Ted Shelkey, assistant director for information systems security, said: “We have learned that the messages are part of a hoax invented and distributed by DOJ to test employee security awareness. The bailout web sites are not malicious. There is no need to distribute warning messages to colleagues and law enforcement contacts. Please delete all such messages and associated alerts.”

The Ponemon Institute reports that a data breach may cost a company $6.65 million, according to a Computer World article.

In 2008 the average total cost of a data breach was $6.65 million, up from $6.35 million last year and $4.54 in 2005. In 2008, the per-victim cost of a data breach was $202, up from $197 in 2007, and from $138 when the study was launched in 2005. Breaches involving a third party to which data had been outsourced bore a per-victim cost of $231, whereas self contained breaches bore a per-victim cost of $179. Breaches that were the result of a malicious act bore a per-victim cost of $225, whereas breaches that were the result of negligence bore a per-victim cost of $199. Breaches that were the result of a lost of stolen laptop computer bore a per-victim cost of $249, whereas breaches that did not involve a lost or stolen laptop computer bore a per-victim cost of $177. If the data breach was a first-time event for the company the per victim cost was $243, but if the company had experienced a breach previously the per victim cost was $192.

The institute concluded that the financial impact for a company that experiences a data breach is significant and rising.