Network Solutions Hack Compromises 573,000 Credit, Debit Accounts

Editor's Note:  In yet another epic example of why a software based approach to conducting credit/debit card transactions will never work, Brian Krebs, from the Washington Post reports that there has been another major hack.  This time, it is "Network Solutions" which allows consumers to  purchase website hosting packages, register domain names,etc. 

Speaking of registering...did you get a chance to "register" your information for this breach?  If not, registration is easy...forms can be found and completed anywhere they ask you to "type" your credit/debit card number into a box on a website.  


You can register multiple times to increase your chances for winning a free 12 month credit monitoring package!  (includes hours of fun speaking to your  credit/debit card company, your financial institution and the possibility that you may be reimbursed for your cash losses within 6 months.)  Plus you get a SHINY BRAND NEW CARd!   So go ahead...enter now!  You might even make the news!  Or you can "swipe" your own card so that the hackers never can. 

Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months, Security Fix has learned.

Herndon, Va. based Network Solutions discovered in early June that attackers had hacked into Web servers the company uses to provide e-commerce services - a package that includes everything from Web hosting to payment processing -- to at least 4,343 customers, mostly mom-and-pop online stores.

The malicious code left behind by the attackers allowed them to intercept personal and financial information for customers who purchased from those stores, Network Solutions spokeswoman Susan Wade said.

Wade said the company is working with federal law enforcement and a commercial data breach forensics team to determine the cause and source of the break-in. The payment data stolen was captured from transactions made between March 12, 2009 and June 8, 2009.

On Friday, Network Solutions began notifying affected customers by e-mail and postal mail. Due to the potential high cost of notifying individual victims, the hosting company is offering to handle the notification of affected customers of the breached online stores. Forty-five states and the District of Columbia have enacted laws requiring organizations to notify consumers when a data breach or loss jeopardizes the security of personal and financial data, but the rules for complying with those laws differ from state to state.

"We feel terribly about it to burden them with the notification process, which can be kind of tricky because there is no one federal data breach statute," Wade said.

Network Solutions also is offering to pay for 12 months of credit monitoring service through Trans Union for each consumer whose financial and personal data was compromised.

By Brian Krebs
Reblog this post [with Zemanta]

Posted by John B. Frank Monday, July 27, 2009

2 comments

  1. Anonymous Says:
  2. Hi John
    we understand your concern around online transactions. We take security very seriously at Network Solutions and this is a very unfortunate incident.

    We are working with law enforcement and in the meantime doing everything we can to respond to our E-commerce customers promptly at http://www.careandprotect.com.

    NG @NetworkSolutions

     
  3. Thanks for responding. It's not your system, it's "thee" system. You type, they swipe. And they always will. The only way to keep them from swiping our card data is to swipe it ourselves in the safety and privacy of our own home. As I've said for 15 months, financial transactions conducted inside the web are vulnerable. My condolences for the impact the breach will have on you and your customers. Unfortunately, this won't be the last incident.

     

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers