|
IT Developments
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Network Solutions breach exposes nearly 600,000
- From: Brian Warkoczeski
- Date: Tue Jul 28 08:28:33 2009
Network Solutions breach exposes nearly 600,000
by Elinor Mills
July 27, 2009
www.cnet.com
Network Solutions is investigating a breach on its servers that may have
led to the theft of credit card data of 573,928 people who made
purchases on Web sites hosted by the company.
Networks Solutions notified 4,343 of its nearly 10,000 e-commerce
merchant customers on Friday about the breach. It affects 573,928
cardholders whose name, address, and credit card number were exposed
between March 12 and June 8, said Susan Wade, a spokeswoman for Network
Solutions.
Mysterious code was discovered in early June on servers hosting
e-commerce customer sites during routine maintenance, she said. The
company called in a third-party forensics team to help with the
investigation, and the team was able to crack some of the code on July
13, determining that it could be related to credit card data, she added.
Credit card transactions were intentionally diverted by an unknown
source from certain Network Solutions servers to servers outside,
Network Solutions wrote in an e-mail to merchant customers.
"So we notified law enforcement and began the process of notifying our
customers," Wade said. "At this point, we don't have a reason to believe
that (the data) has been used, but we are working with the credit card
companies," nonetheless.
Network Solutions also is paying to have credit-monitoring specialist
TransUnion help the merchants notify their customers according to data
breach notification laws in effect in certain states. Affected consumers
will get 12 months of free credit-monitoring services.
It's unknown how the malicious code got onto the system and where it
came from, Wade said.
Merchants and consumers can get more information on the Care and Protect
Web site Network Solutions has set up. "We really feel terribly about
this," Wade said.
"We store credit card data in an encrypted manner, and we are PCI
(Payment Card Industry)-compliant. Unfortunately, any company operating
in our business could have become a victim of this type of invasion,"
the company said on a blog post on the customer information Web site.
"In this situation, the unauthorized code appears to have transmitted
information about credit card transactions as they were being completed;
it did not involve a vulnerability in the way we store data in our systems."
The breach does not affect Network Solutions' other businesses, which
include domain registration, e-mail hosting, and online marketing.
|
|
|
