Egghead: Hackers didn't get credit cards

[InfoSec News <isn () C4I ORG>]

http://www.zdii.com/industry_list.asp?mode=news&doc_id=ZD2672279

By Robert Lemos ZDNet News
January 8, 2001 1:50pm

Online retailer Egghead.com announced Monday that an intruder into its
system more than two weeks ago did not grab any numbers from its
database of 3.7 million credit cards.

"Our internal investigation ... has uncovered evidence which suggests
that Egghead.com's existing security systems interrupted this
intrusion while it was in progress," Egghead CEO Jeff Sheahan said in
a statement.

On Dec. 22, Egghead announced that it had detected an intruder into
its system, who may have accessed the database of information on the
retailer's 3.7 million customers.

As previously reported, the Menlo Park, Calif., company handed over
its entire database to the credit card industry on Dec. 21, suggesting
that it believed the card numbers contained in the database were at
risk.

Today's statement--after 17 days of investigation--seems to refute
previous suspicions that the data had been stolen.

"Our first priority has been to protect our customers," Sheahan said
in the statement. "We deeply regret any inconvenience this may have
caused them, but we firmly believe that providing this information
would help limit any possible damage and give our customers the choice
of taking precautions to protect their privacy."

Security firm Kroll Worldwide conducted the company's search for
evidence after the break-in.

The firm cooperated with the FBI, which was brought in on the case
Dec. 22.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".