BreachExchange mailing list archives
fringe: Big-Box Breach: The Inside Story of Wal-Mart's Hacker Attack
From: lyger <lyger () attrition org>
Date: Tue, 13 Oct 2009 19:02:43 +0000 (UTC)
http://www.wired.com/threatlevel/2009/10/walmart-hack/ Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain.s point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe, Wired.com has learned. Internal documents reveal for the first time that the nation.s largest retailer was among the earliest targets of a wave of cyberattacks that went after the bank-card processing systems of brick-and-mortar stores around the United States beginning in 2005. The details of the breach, and the company.s challenges in reconstructing what happened, shed new light on the vulnerable state of retail security at the time, despite card-processing security standards that had been in place since 2001. In response to inquiries from Wired.com, the company acknowledged the hack attack, which it calls an .internal issue.. Because no sensitive customer data was stolen, Wal-Mart had no obligation to disclose the breach publicly. Wal-Mart had a number of security vulnerabilities at the time of the attack, according to internal security assessments seen by Wired.com, and acknowledged as genuine by Wal-Mart. For example, at least four years. worth of customer purchasing data, including names, card numbers and expiration dates, were housed on company networks in unencrypted form. Wal-Mart says it was in the process of dramatically improving the security of its transaction data, and in 2006 began encrypting the credit card numbers and other customer information, and making other important security changes. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- fringe: Big-Box Breach: The Inside Story of Wal-Mart's Hacker Attack lyger (Oct 13)