How embarrassing… Computer security firm’s database hacked



The Washington Times has a story from Brian Krebs of their Security Fix blog about …

Guidance Software — the leading provider of software used to diagnose hacker break-ins — has itself been hacked, resulting in the exposure of financial and personal data connected to thousands of law enforcement officials and network-security professionals.


Guidance Software notified customers on December 7th that over 3000 credit card numbers were stolen. The security breach happened sometime in November. They notified their customers within 2 days of the discovery of the break-in and have decided to no longer store credit card information on their own servers. (Although the break-in went unnoticed for about 2 weeks.)

“This certainly highlights the fact that intrusions can happen to anybody and that nobody should be complacent about security,” he said. Colbert declined to discuss further details of the attack, citing the ongoing investigation.

Guidance stored customer records in unencrypted databases, and indefinitely retained customers’ “card value verification” (CVV) numbers, the three-digit codes on the back of credit cards that are meant to protect against fraud in online and telephone sales, according to Colbert and the notification letter sent to customers.

Merchant guidelines published by both Visa and Mastercard require sellers to encrypt customer credit-card databases. They are also prohibited from retaining CVV numbers for any longer than it takes to verify a given transaction.

“Unfortunately, most cyber crimes require being worked very quickly in order to gather data before it is purged either by attackers or just in the normal course of business,” said Doug Rehman, president of Rehman Technology Services in Mount Dora, Fla., who learned that his credit card and personal data had been exposed.

Wow, it’s certainly embarrassing, I’m sure, for a security-related IT company to have such a breach. I’m pleased that their customers were notified so soon after discovery; however, given the software they produce, you would think they might have detected it sooner. The unencrypted database of credit card numbers is a big no-no from the standpoint of the credit card companies (and the retention of CVV numbers…). Maybe this can be a wake-up call for any company that processes credit cards? I also wonder if the company became more of a target for the kind of software they write?
