Hackers Go Shopping with Credit Card Data Stolen from Roses Only

Technorati Tag:

Date Reported:
9/14/07

Organization:
Roses Only

Contractor/Consultant:
None

Victims:
Roses Only customers

Number Affected:
Unknown

Types of Data:
Name, address, and credit card information

Breach Description:
Roses Only and authorities report that hackers compromised the database of the online retailer earlier this year.  Customer credit card details were stolen and possibly used to make luxury purchases in South East Asia.

Reference URL:
http://www.abc.net.au/news/stories/2007/09/15/2033667.htm
Story at The Age

Report Credit:
The Age

Response:
From the online references noted above:

"A strike force has been set up by the State Crime Command Fraud Squad to investigate the possible compromise of an internet-based business' database and subsequent fraudulent transactions,"

"The investigation was in its earliest stages and no further information was available"

"Roses Only was recently advised that our system may have been compromised through an unauthorised intrusion earlier in the year,"

"We moved quickly to address the situation and engaged a leading international technology security firm to enhance the security of our system."
[Comfyllama] It would be nice if the company were more forthcoming on who they have hired to shore up their security and what they have done, but it might be a little early yet.

"The florist assured its customers they would not be liable for any unauthorised transactions and advised them to contact their financial institution if they had any concerns."

Commentary:
Roses Only is an online retail florist.  It is still early and there is not much information available on this breach.  It is important to note that Roses Only has an announcement on their home page that states "Roses Only does not store any credit card data in its system". 



This is an excellent move by the company.  I am a big proponent.

Past Breaches:
None

Posted by Evan Francen at 9/14/2007 11:22 PM
Categories: Roses Only, Hack
 
Trackbacks
Trackback specific URL for this post
  • No trackbacks exist for this post.
Comments
Display comments as (Linear | Threaded)
Page: 1 of 1
  • 9/15/2007 11:39 AM Bambi wrote:
    CRIMINAL hackers .. Please remember that not all hackers are criminals.
    Reply to this
    1. 9/15/2007 2:07 PM Comfyllama wrote:
      Thank you Bambi.  Good point.

      Reply to this
    2. 9/16/2007 11:23 PM Craig Wright wrote:
      Actually, being that any unauthorised access is a crime, malicious intent is not related to this and it is in fact the case that they are criminals under current definitions and legistlation.
      Reply to this
  • 9/16/2007 7:29 PM O wrote:
    If we are correcting terminology, the correct term should be 'Cracker' not hacker, but must people are too stoopid to know any different anyway!

    When will these companies get serious about security???
    Reply to this
    1. 1/2/2008 4:01 AM Alicia wrote:
      All time data is there, crackers will always exist and even have some success here and there. The issue is that the more your financial information is replicated over a large number of systems, the better the chances are it will be in the wrong hands soon.
      Reply to this
  • 12/19/2007 8:52 PM frigidaire parts wrote:
    I had a friend who shopped there and after, his credit card was used. Rose never paid him any indemnification. They are still judging in curt. What can I say??? If you don’t take seriously your security, than at least be honest and pay for it!
    Reply to this
  • 2/1/2008 7:27 PM Artificial Christmas tree wrote:
    Smart hackers. I don't agree with what their doing but we gotta give them credit. They are smart...
    Reply to this
  • 7/29/2008 2:18 PM Frigidaire Parts wrote:
    Of course they are all criminals. It's well known their position in this society.
    Reply to this

Page: 1 of 1
    Leave a comment