News
Business
Highlights
Partners
About
Contact
Recruitment

Industry News


















Network Solutions data security breach exposes a half-million credit card numbers --- (2009-07-31)

Hosting company and domain registrar Network Solutions LLC said malware planted on Web servers compromised more than a half million credit card accounts belonging to customers of its e-commerce merchants.

Herndon, Va.-based Network Solutions disclosed the data security breach late Friday. The company said it discovered unauthorized code on servers supporting some of its e-commerce merchants' websites and determined that it may have been used to steal transaction data for about 4,343 of its merchant websites to outside servers.

Outside forensic experts informed Network Solutions on July 13 that the stolen data included credit card information. Approximately 573,928 cardholders were affected by the breach, which affected transactions between March 12 and June 8 of this year, the company said.

"At this point, we have no reports or other reasons to believe that any credit card account information has been misused and, under established practice, credit card issuing companies generally will not hold our merchants' customers liable for any fraudulent purchases made using their credit card account numbers that are reported in a timely way to the issuer," the company said.

In a blog post Sunday, Network Solutions emphasized that the incident affects only its e-commerce customers. Customers of its other products, including domains, email accounts and hosting were not impacted.

The company is working with law enforcement to investigate the case and has arranged with credit reporting agency TransUnion LLC to work on behalf of its merchants to contact affected customers. Network Solutions set up a website about the security breach.

The company touted in its message to customers that it was PCI compliant, despite the data security breach.

"Assuring the security and reliability of our services to customers is our most important priority. We store credit card data in an encrypted manner and we are PCI compliant. Unfortunately, any company operating in our business could have become a victim of this type of invasion," the company said in its blog post. "In this situation, the unauthorized code appears to have transmitted information about credit card transactions as they were being completed; it did not involve a vulnerability in the way we store data in our systems."

(View full article in SecuritySearch.com)


© 2011-2019 ITOPIA Limited. All Rights Reserved.