Breach, undetected since '05, exposes data on Kingston customers

[Chris Walsh <cwalsh () cwalsh org>]

July 17, 2007  (Computerworld) -- A September 2005 security breach  
that remained undetected until "recently" may have compromised the  
names, addresses and credit card details of roughly 27,000 online  
customers of computer memory vendor Kingston Technology Company Inc.

The Fountain Valley, Calif.-based company began sending letters to  
affected customers informing them of the incident last week.

According to a spokesman, Kingston's IT team "detected  
irregularities" in the company computer systems at some unspecified  
point in time and -- along with a team of forensic computer experts  
-- began investigating the issues. It was not until after that probe  
was completed and a final report released on May 22 that Kingston  
could confirm the scope of the intrusion and its impact.

"After confirming what data was accessed and who was affected,  
Kingston had to gather the appropriate contact information and  
arrange for consumer protection services and materials to notify the  
impacted consumers," the spokesman said.

But the company did not offer details on how or when the breach was  
discovered and how long it waited to notify customers about the  
potential compromise of data. Kingston, which had $3 billion in sales  
last year, also did not offer any explanation on the nature and scope  
of the breach itself or why it remained undetected for so long. The  
spokesman added that the breach is believed to have been perpetrated  
by an external attacker.
[...]
http://www.computerworld.com/action/article.do? 
command=printArticleBasic&articleId=9027220
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 213 million compromised records in 720 incidents over 7 years.