funsec mailing list archives
Re: Two weeks to contain a security breach?!?!?
From: Valdis.Kletnieks () vt edu
Date: Mon, 17 Mar 2008 18:08:45 -0400
On Mon, 17 Mar 2008 17:01:36 EDT, "Richard M. Smith" said:
"Hannaford became aware of the breach Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn't contained until March 10, said Carol Eleazer, Hannaford's vice president of marketing in Scarborough."
Let's look at the flip side:

"PORTLAND, Maine (AP) - A security breach at an East Coast supermarket chain exposed 4.2 million credit and debit card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday."

4.2 million exposed, 1,800 fraud. Pretty low percentage. At some point, somebody has to make a *decision* - will it likely be more costly for the organization to deal with a few thousand fraud cases because they took a slow and careful approach to cleaning up while operations continued, or the wholesale devastation of "screw it, 'ifconfig eth0 down' and we're running everything in offline mode until we figure out what happened".

Tell me - how much will it cost them to pay back the fraud? And how much business would they have lost if they had to tell customers "Sorry, cash or check only, we can't take plastic for the next week or so because of a computer issue"?