Churchill Downs Inc.'s TwinSpires.com announces security breach

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.courier-journal.com/article/20120904/BUSINESS/309040084/Churchill-Downs-Inc-s-TwinSpires-com-announces-security-breach

Louisville-based Churchill Downs Inc. announced Monday that some
account information of TwinSpires.com account wagering customers was
hacked last month.

Company spokeswoman Courtney Yopp Norris said less than 20 percent of
customers had their information compromised. The company does not
disclose how many customers it has.

The only information compromised in the Aug. 3 incident were account
holders’ names, birth date, e-mail address used to set up the account
and a “cryptographically hashed Social Security number,” which Norris
said would require a hacker to know the code before being able to
convert it.

The company is notifying law enforcement, she said.

Customers whose information was compromised will receive a letter
detailing the situation and notifying them of credit protection
services being made available to them.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.