Network Solutions was PCI compliant before breach

[security curmudgeon <jericho () attrition org>]

http://www.scmagazineus.com/Network-Solutions-was-PCI-compliant-before-breach/article/140642/

Network Solutions was PCI compliant before breach
Angela Moscaritolo
July 27, 2009

Web hosting firm Network Solutions on Friday announced that, despite its 
being PCI compliant, a breach had compromised approximately 573,928 
individuals' credit card information.

Network Solutions discovered unauthorized code on its servers used to 
support thousands of e-commence merchants' websites, Susan Wade, director 
of communications at Network Solutions told SCMagazineUS.com on Monday. 
The company determined that the unauthorized code may have been used by 
cybercriminals to capture transaction data, including customer names, 
addresses, and credit card numbers, and transfer it to servers outside of 
the company, she said.

Approximately 4,343 e-commerce websites were affected by the breach. 
Network Solutions could not disclose which merchants were affected but 
said the victimized merchants sell a wide variety of merchandize and are 
primarily small businesses. The breach occurred from March 12 to June 8 
and the issue has since been mitigated, Network Solutions said.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php