BreachExchange mailing list archives

fringe: Big-Box Breach: The Inside Story of Wal-Mart's Hacker Attack


From: lyger <lyger () attrition org>
Date: Tue, 13 Oct 2009 19:02:43 +0000 (UTC)


http://www.wired.com/threatlevel/2009/10/walmart-hack/

Wal-Mart was the victim of a serious security breach in 2005 and 2006 in 
which hackers targeted the development team in charge of the chain's 
point-of-sale system and siphoned source code and other sensitive data to 
a computer in Eastern Europe, Wired.com has learned.

Internal documents reveal for the first time that the nation's largest 
retailer was among the earliest targets of a wave of cyberattacks that 
went after the bank-card processing systems of brick-and-mortar stores 
around the United States beginning in 2005. The details of the breach, and 
the company's challenges in reconstructing what happened, shed new light 
on the vulnerable state of retail security at the time, despite 
card-processing security standards that had been in place since 2001.

In response to inquiries from Wired.com, the company acknowledged the hack 
attack, which it calls an "internal issue." Because no sensitive customer 
data was stolen, Wal-Mart had no obligation to disclose the breach 
publicly.

Wal-Mart had a number of security vulnerabilities at the time of the 
attack, according to internal security assessments seen by Wired.com, and 
acknowledged as genuine by Wal-Mart. For example, at least four years' 
worth of customer purchasing data, including names, card numbers and 
expiration dates, were housed on company networks in unencrypted form. 
Wal-Mart says it was in the process of dramatically improving the security 
of its transaction data, and in 2006 began encrypting the credit card 
numbers and other customer information, and making other important 
security changes.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
