How embarrasing… Computer security firms database hacked



The Washington Times, has a story from Brian Krebs of their Security Fix blog about …

Guidance Software — the leading provider of software used to diagnose hacker break-ins — has itself been hacked, resulting in the exposure of financial and personal data connected to thousands of law enforcement officials and network-security professionals.


Guidance Software notifified customers on December 7th, over 3000 credit card numbers were stolen. The security breech happened sometime in November. They notified their customers within 2 days of the discovery of the breakin and have decided no longer to store credit card information on their own servers. (Although the breakin went unnoticed for about 2 weeks.)

“This certainly highlights the fact that intrusions can happen to anybody and that nobody should be complacent about security,” he said. Colbert declined to discuss further details of the attack, citing the ongoing investigation.

Guidance stored customer records in unencrypted databases, and indefinitely retained customers’ “card value verification” (CVV) numbers, the three-digit codes on the back of credit cards that are meant to protect against fraud in online and telephone sales, according to Colbert and the notification letter sent to customers.

Merchant guidelines published by both Visa and Mastercard require sellers to encrypt customer credit-card databases. They are also prohibited from retaining CVV numbers for any longer than it takes to verify a given transaction.

“Unfortunately, most cyber crimes require being worked very quickly in order to gather data before it is purged either by attackers or just in the normal course of business,” said Doug Rehman, president of Rehman Technology Services in Mount Dora, Fla., who learned that his credit card and personal data had been exposed.

Wow, it’s certainly embarrasing I’m sure for a security related IT company to have such a breach. I’m pleased that their customers were notified so soon after discovery, however given the software they produce, you would think they might have detected it sooner. The unencrypted database of credit card numbers is a big no no from the standpoint of the credit card companies (and the retention of CCV numbers…) Maybe this can be a wake up call for any company that processes credit cards? I also wonder if the company became more of a target for the kind of software they write?

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Windows Smart Security (Removal Guide) Windows Smart Security is a rogue spyware application that may fool people into installing and purchasing due to the use of the words Windows and Security in the title. It may fool people into thinking that it is related to Microsoft Windows and perhaps even a part of the operating......
  • Federal requirement to disclose database security breaches? Fines and prison time are among the penalties envisioned under a proposed house bill. The requirement would be that businesses with database holding information on more than 10,000 people (or federal employees) would have to inform either the Secret Service or the FBI of a data security breach. (The maximum......
  • Identity theft So, you don't click on "phishy" links, keep your pc free from spyware, only bank at secure websites, do all the good things a cautious computer user is supposed to do to keep from having your identity stolen. Your safe right? Not entirely. I just found this in the Security......
Blog Traffic Exchange Related Websites
  • Best Reads of the Week: Insurance Insider Speaks Out Edition. I haven't posted a list of my favorite articles in a while, but this week some really thought provoking content made it up on the web this week and it would be a shame not to give it a mention. When a Parent Steals Your Identity by Liz Weston.  I've......
  • Brief Interview With a Visa Representative Part 2 Last month, I had the opportunity to interview a Visa representative about debit cards (especially Visa ones). This month, I finish the interview... Q: Is it safer to use a debit or a credit card for shopping online? Shopping online is convenient and rewarding, and the vast majority of online......
  • 5 Reasons to Use a Prepaid Credit Card For many people, having a credit card is a necessity to live and operate in our world. Unfortunately, these cards come with many disadvantages, such as high interest rates and security concerns. Luckily, through the use of prepaid credit cards, many of these disadvantages can be avoided. Prepaid Credit Cards......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site