Re: IN: Hacker gets state credit card info

["B.K. DeLong" <bkdelong () pobox com>]

Another PCI DSS violation. It will be interesting to see if any action
is taken. I believe most states qualify as Tier 1 merchants....

On 2/10/07, lyger <lyger () attrition org> wrote:
> http://www.fortwayne.com/mld/journalgazette/16667910.htm
>
> State technology officials sent letters Friday to 5,600 people and
> businesses informing them that a hacker obtained thousands of credit card
> numbers from the state Web site.
>
> Although numbers are usually encrypted or shortened to the last four
> digits, the Office of Technology conceded a technical error allowed the
> full credit card numbers to remain on the system and be viewed by the
> intruder.
>
> "Like thousands of web sites, the state's web site is constantly under
> attack from hackers," the letter said. "To repel these attacks, the state
> has implemented the highest levels of security and submitted itself to
> regular independent audits to ensure that data is safeguarded".
>
> [...]
> _______________________________________________
> Dataloss Mailing List (dataloss () attrition org)
> http://attrition.org/dataloss
> Tracking more than 146 million compromised records in 566 incidents over 7 years.


-- 
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 566 incidents over 7 years.