BreachExchange mailing list archives
Data Breaches Are Heaviest at Hotels
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 18 Mar 2010 01:38:20 -0400
http://online.wsj.com/article/SB10001424052748704743404575127674094249164.html Hackers are now stealing credit-card data from hotels more often than any other industry, according to data-security companies. In a recent report, SpiderLabs, a unit of data-security firm Trustwave, said 38% of its data-breach investigations in 2009 occurred at hotels. Financial services accounted for 19% of the company's data-breach investigations. Once an attack occurred, it took an average of 156 days for the business to realize it, according to the report. The problem has continued into 2010, says Nicholas Percoco, senior vice president of Trustwave and head of SpiderLabs. Verizon Business, another data-security firm, noticed a similar increase in attacks on hotels starting around last April, says Dave Ostertag, manager of investigative response at Verizon Business, a unit of Verizon Communication Inc. Hackers "find a weakness, flaw or common problem in an industry or organization. Once they find that, they want to replicate it as many times as they can," says Mr. Percoco. The most common weakness at hotels is the security surrounding point-of-sale software—the software hotels use to process credit-card transactions. For example, often the systems are maintained remotely by an outsourced information-technology company. To maintain the computer system, the IT firm employees must sign in remotely. When remote access user names and passwords are left blank or not changed from their default setting, hackers can find those usernames and passwords to gain access to the system to steal credit-card information. Last August, Radisson Hotels & Resorts said the computers at some of its Radisson hotels in the U.S. and Canada were hacked between November of 2008 and May of 2009. After announcing two credit-card breaches in recent years, Wyndham Hotels & Resorts LLC recently announced 37 of its Wyndham Hotels and Resorts branded properties experienced credit-card data breaches between October 2009 and January 2010. There is little customers can do to protect themselves besides checking their credit-card statements carefully. [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Data Breaches Are Heaviest at Hotels Jake Kouns (Mar 18)