funsec mailing list archives

Fwd: [Dataloss] Network Solutions was PCI compliant before breach

From: Paul Ferguson <fergdawgster () gmail com>
Date: Mon, 27 Jul 2009 11:26:40 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI,

- - ferg


- ---------- Forwarded message ----------
From: security curmudgeon <jericho () attrition org>
Date: Mon, Jul 27, 2009 at 10:35 AM
Subject: [Dataloss] Network Solutions was PCI compliant before breach
To: dataloss-discuss () datalossdb org, dataloss () datalossdb org



http://www.scmagazineus.com/Network-Solutions-was-PCI-compliant-before-brea
ch/article/140642/

Network Solutions was PCI compliant before breach
Angela Moscaritolo
July 27, 2009

Web hosting firm Network Solutions on Friday announced that, despite its
being PCI compliant, a breach had compromised approximately 573,928
individuals' credit card information.

Network Solutions discovered unauthorized code on its servers used to
support thousands of e-commence merchants' websites, Susan Wade, director
of communications at Network Solutions told SCMagazineUS.com on Monday.
The company determined that the unauthorized code may have been used by
cybercriminals to capture transaction data, including customer names,
addresses, and credit card numbers, and transfer it to servers outside of
the company, she said.

Approximately 4,343 e-commerce websites were affected by the breach.
Network Solutions could not disclose which merchants were affected but
said the victimized merchants sell a wide variety of merchandize and are
primarily small businesses. The breach occurred from March 12 to June 8
and the issue has since been mitigated, Network Solutions said.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFKbfFWq1pz9mNUZTMRAhWuAKDPtrA4pnasPZhYwjkFaGy8kM1rYgCfZpML
czYn4K+Ij1sRJsWWu+Th7qg=
=9uBg
-----END PGP SIGNATURE-----



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Fwd: [Dataloss] Network Solutions was PCI compliant before breach Paul Ferguson (Jul 27)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Valdis . Kletnieks (Jul 27)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Michael Graham (Jul 27)
  - Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach chris (Jul 27)
    - Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Michael Graham (Jul 27)
    - Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Chris Blask (Jul 27)
    - Re: new cybersecurity laws (was: Network Solutions was PCI compliant before breach) Young, Keith (Jul 28)
- Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Anton Chuvakin (Jul 27)
  - Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Alexandre Dulaunoy (Jul 27)
    - Re: Fwd: [Dataloss] Network Solutions was PCI compliant before breach Valdis . Kletnieks (Jul 27)
    - Re: Fwd: [Dataloss] Network Solutions was PCI compliantbefore breach Larry Seltzer (Jul 27)

(Thread continues...)