BreachExchange mailing list archives

Re: IN: Hacker gets state credit card info

From: "B.K. DeLong" <bkdelong () pobox com>
Date: Sat, 10 Feb 2007 07:42:46 -0500

Which reminds me - I'm going to be by annoying self and suggest we
start tracking confirmed compliance violations. We know TJX violated
PCI and the Indiana case certainly does.

It would be interesting to also note if action is taken since there is
an increasing realization that compliance laws and standards aren't
really being enforced - much to the frustration of companies spending
thousands to millions of dollars on meeting these laws/standards.

On 2/10/07, B.K. DeLong <bkdelong () pobox com> wrote:

Another PCI DSS violation. It will be interesting to see if any action
is taken. I believe most states qualify as Tier 1 merchants....

On 2/10/07, lyger <lyger () attrition org> wrote:


http://www.fortwayne.com/mld/journalgazette/16667910.htm

State technology officials sent letters Friday to 5,600 people and
businesses informing them that a hacker obtained thousands of credit card
numbers from the state Web site.

Although numbers are usually encrypted or shortened to the last four
digits, the Office of Technology conceded a technical error allowed the
full credit card numbers to remain on the system and be viewed by the
intruder.

"Like thousands of web sites, the state's web site is constantly under
attack from hackers," the letter said. "To repel these attacks, the state
has implemented the highest levels of security and submitted itself to
regular independent audits to ensure that data is safeguarded".

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 566 incidents over 7 years.



--
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org



-- 
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org                    Son.
http://www.ianetsec.com                    Work.
http://www.bostonredcross.org             Volunteer.
http://www.carolingia.eastkingdom.org   Service.
http://bkdelong.livejournal.com             Play.


PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5  A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 146 million compromised records in 566 incidents over 7 years.

Current thread:

IN: Hacker gets state credit card info lyger (Feb 10)
- Re: IN: Hacker gets state credit card info B.K. DeLong (Feb 10)
  - Re: IN: Hacker gets state credit card info B.K. DeLong (Feb 10)
- <Possible follow-ups>
- Re: IN: Hacker gets state credit card info DAIL, ANDY (Feb 12)