RSS Alerts

Share

More services

Related Links

Related Stories

  • Heartland card payment system breach bigger than TJX?
    Reports are coming in that a New Jersey-based payment processor's IT systems have been compromised in what experts are calling the biggest payment card data breach ever.
  • PCI: here to stay
    As retailers face the costs and changes involved in complying with the Payment Card Industry Data Security Standard, its worth and necessity are up for debate, with some arguing it gives a raw deal to retailers. Dan Ilett investigates
  • Lloyds TSB turns fraud-detection software on staff
    Lloyds TSB has purchased pattern-recognition software from US vendor Actimize for detecting employee fraud within its retail banking operation. Use of such software is already common in financial services for spotting fraud in external transactions, such as credit card spending.
  • What’s in store for 2010?
    The Noughties are behind us now, but memories of a decade of data breaches will continue to haunt the infosec professional. If only there was a way of knowing what the threat landscape would look like in the months to come. Well you’re in luck as Davey Winder has dusted off the crystal ball and spoken to a broad church of infosec professionals to get some informed predictions for 2010
  • IMF spear phishing attack success highlights difficulty in defending IT security resources
    The weekend's revelations that the servers of the International Monetary Fund (IMF) have been breached using a spear phishing attack have been met with equanimity by the IT security industry.

Top 5 Stories

News

Network Solutions hit by major card data breach

27 July 2009

A major data breach - potentially impacting more than 570,000 cardholders around the world - has been discovered by Network Solutions, the internet hosting and systems company.

Security experts are calling the hack - which took place between March 12 and June 8 this year - of significant magnitude.

The internet service firm says it discovered the breach of its databases in early June, and has concluded that the details of as many as half of its customer base may have been compromised.

The Washington Post quotes Susan Wade, a Network Solutions spokesperson, as saying that the hackers left behind malicious code, which allowed them to intercept personal and financial information for people who made purchases at the stores hosted on those servers.

Wade has said her company is working with federal law enforcement and a commercial data breach forensics team to determine the cause and source of the break-in.

According to Steve Moyle, chief technology officer of database security provider Secerno, what many experts are likely to be asking is how this breach could have happened and gone on for such an extended period after the lessons of Heartland.

"The reality is that many enterprises are behind in security protection efforts, such as anti-virus updates, due to shrinking IT budgets," he said.

"In a recent webinar offered by Forrester and Secerno, Forrester revealed that 60 per cent of enterprises are behind in implementing security patches, which is consistent with what we are seeing in the field," he added.

According to Moyle, company IT departments simply do not have the resources to complete these updates in a timely fashion, resulting in network vulnerabilities that are easily exploited.

Moyle said that what happened at Network Solutions can be considered a primer to the modus operandi of the latest generation of hackers.

"Malware was planted on locations with access to credit card and other financial data, with the data grabbed and sent to a location off the Network Solutions network. From what we have witnessed at Secerno, we estimate that much of this data was used for immediate fraudulent transactions," he explained.

"The coming weeks will reveal more detail, including the identity and locations of the more than half a million people affected. We hope that all organizations that work with personal financial data consider the implications that this breach has for their businesses, and we commend Network Solutions for being proactive in helping retailers inform those affected," he said.

Newswire reports suggest that, given the extended nature of the breach, the data may have changed hands many times by now.

Infosecurity notes that, even if elements of the breached files were marketed for a smalls sum for each account on so-called carder forums, the revenue stream for the hackers would have been well into six figures in dollar terms.

Network Solutions has announced it is offering 12 months of credit monitoring for those accounts that may have been breached.

This article is featured in:
Compliance and Policy  • Data Loss  • Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012