I recently posted about a data breach that had to do with a company called iBill. Here’s an update from SANS NewsBites:

iBill says that large quantities of stolen customer data linked to the on-line payment company are in fact not theirs. One of the data files contains information about 17 million customer records and was discovered on a website purportedly used by phishers. Another group of data, containing information on just over one million people, was found on a spamming web site. iBill President Gary Spaniak Jr. says when his company cross referenced the database with 17 million people's information, with their own customer database just three email addresses matched. iBill does a large part of its business with adult services; an individual who had originally linked the large database with iBill, now says that perhaps it was deliberately mislabeled by a data thief because databases of adult services transactions are particularly sought-after by spammers. No one claims to know the stolen data's origins.