12/20/2005

Hackers Break Into Computer-Security Firm’s Customer Database

Filed under: — By Aviran Mordo @ 12:08 pm

Guidance Software — the leading provider of software used to diagnose hacker break-ins — has itself been hacked, resulting in the exposure of financial and personal data connected to thousands of law enforcement officials and network-security professionals.

Guidance alerted customers to the incident in a letter sent last week, saying it discovered on Dec. 7 that hackers had broken into a company database and made off with approximately 3,800 customer credit card numbers. The Pasadena, Calif.-based company said the incident occurred sometime in November and that it is working with the U.S. Secret Service on a more detailed investigation.

Guidance’s EnCase software is used by hundreds of security researchers and law enforcement agencies worldwide, including the U.S. Secret Service, the FBI and New York City police. John Colbert, the company’s chief executive officer, said Guidance alerted all of its customers less than two days after discovering the break-in, and that it would no longer store customer credit card data.

Guidance stored customer records in unencrypted databases, and indefinitely retained customers’ “card value verification” (CVV) numbers, the three-digit codes on the back of credit cards that are meant to protect against fraud in online and telephone sales, according to Colbert and the notification letter sent to customers.

Merchant guidelines published by both Visa and Mastercard require sellers to encrypt customer credit-card databases. They are also prohibited from retaining CVV numbers for any longer than it takes to verify a given transaction.

Companies that violate those standards can be fined $500,000 per violation. Credit card issuers generally levee such fines against the bank that processes payment transactions for the merchant that commits the violations. The fines usually are passed on to the offending company.

Source: Washington Post

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress