-
August 30th, 2006, 06:29 PM
#1
"Hackers" Steal AT&T Data
Hackers broke into one of AT&T Inc.'s computer networks and stole credit card data and other personal information from several thousand customers who shopped at the telecommunication giant's online store.
http://www.boston.com/business/artic...stomers_cards/
I haven't seen anything on what exploit they used to get in. I'm going to take a wild guess and say AT&T isn't likely to reveal that piece of information...
Information wants to be a fireman when it grows up.
-
August 30th, 2006, 06:35 PM
#2
*heh* I just posted this same thing... I checked to make sure no one else had posted it, and by the time I was done typing it up... someone beat me to it [I deleted my post] ... they say that they are offering free credit monitoring... this seems to happen a lot... I think there should be some sort of penalty for companies that have large scale information leaks like this...
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST
-
August 30th, 2006, 08:36 PM
#3
Ha. I just saw this on Slashdot and was going to post it too......but I see I missed the race completely.
I'm willing to guess that the exploit used was the human factor or social engineering... I mean, c'mon, a company like AT&T has gotta be on their "A-Game" when it comes to tech security, and then it's like..."How long would it take for the guys monitoring the systems to notice ~ 19,000 ppl's records being downloaded or whatever?". Yeah I'd say somebody was "people hacking".
"Do you know why the system is slow?" they ask
"It's probably something to do with..." I look up today's excuse ".. clock speed"
-BOFH
-
August 30th, 2006, 10:24 PM
#4
Junior Member
I would like to hear if they are subjected to any fines from VISA / MasterCard from PCI payment card industry security audit procedures.
-
August 31st, 2006, 01:22 AM
#5
maybe it was the pizza guys again.. http://www.theregister.com/2006/08/24/pizza_fraud_scam/
as for PCI fines... afaik, they only apply if you don't report or you're not "compliant"
From Visa's site
if a Visa member fails to immediately notify Visa USA Fraud Control of the suspected or confirmed loss or theft of any Visa transaction information, the member will be subject to a penalty of $100,000 per incident.
Members are subject to fines, up to $500,000 per incident, for any merchant or service provider that is compromised and not compliant at the time of the incident.
I think the PCI regs rightly take into consideration that even though you are compliant, compromises can still happen. (knock on wood). As a PCI compliant company, I can still be at risk from a zero day IIS exploit (although I have IPS software which should prevent this). It would be hard to make a case that I have been negligent because an MS programmer forgot to plug a buffer overflow...(and you Linux lovers just be quiet about me being negligent just by using MS ;P)
"I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
August 31st, 2006, 03:30 AM
#6
Junior Member
Thanks for the reply...... And yes you are right that is what Visa site says....... But ............
I've been in several conversations about a compromised merchant and that is not their intention........ After Wal-Mart was compromised, VISA told Wal-Mart, who is not a member, to become compliant. Wal-Mart being Wal-Mart told Visa to "Stick it".
-
August 31st, 2006, 04:58 AM
#7
hehe..well yes... but doesn't walmart own the US economy? :O
of course fining them would only mean they have to reduce what they pay to their chinese factory workers...
Walmart - always low prices (even if it means destroying one (or two) economy and fecking over another)
(oops... did i say that?)
"I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson