Monday, July 27, 2009

Another Epic Example of Card's Getting Swiped When They're Typed

Network Solutions Hack Compromises 573,000 Credit, Debit Accounts

Editor's Note:  In yet another epic example of why a software based approach to conducting credit/debit card transactions will never work, Brian Krebs, from the Washington Post reports that there has been another major hack.  This time, it is "Network Solutions" which allows consumers to  purchase website hosting packages, register domain names,etc. 

Speaking of registering...did you get a chance to "register" your information for this breach?  If not, registration is easy...forms can be found and completed anywhere they ask you to "type" your credit/debit card number into a box on a website.  


You can register multiple times to increase your chances for winning a free 12 month credit monitoring package!  (includes hours of fun speaking to your  credit/debit card company, your financial institution and the possibility that you may be reimbursed for your cash losses within 6 months.)  Plus you get a SHINY BRAND NEW CARd!   So go ahead...enter now!  You might even make the news!  Or you can "swipe" your own card so that the hackers never can. 

Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months, Security Fix has learned.

Herndon, Va. based Network Solutions discovered in early June that attackers had hacked into Web servers the company uses to provide e-commerce services - a package that includes everything from Web hosting to payment processing -- to at least 4,343 customers, mostly mom-and-pop online stores.

The malicious code left behind by the attackers allowed them to intercept personal and financial information for customers who purchased from those stores, Network Solutions spokeswoman Susan Wade said.

Wade said the company is working with federal law enforcement and a commercial data breach forensics team to determine the cause and source of the break-in. The payment data stolen was captured from transactions made between March 12, 2009 and June 8, 2009.

On Friday, Network Solutions began notifying affected customers by e-mail and postal mail. Due to the potential high cost of notifying individual victims, the hosting company is offering to handle the notification of affected customers of the breached online stores. Forty-five states and the District of Columbia have enacted laws requiring organizations to notify consumers when a data breach or loss jeopardizes the security of personal and financial data, but the rules for complying with those laws differ from state to state.

"We feel terribly about it to burden them with the notification process, which can be kind of tricky because there is no one federal data breach statute," Wade said.

Network Solutions also is offering to pay for 12 months of credit monitoring service through Trans Union for each consumer whose financial and personal data was compromised.

By Brian Krebs
Reblog this post [with Zemanta]

Disqus for ePayment News