"Hacking Ring" Exposes Internet Retailer Magazine Customers
Technorati Tag: Security Breach
Date Reported:
9/18/07
Organization:
Vertical Web Media
Contractor/Consultant:
Internet Retailer Magazine
Victims:
Vertical Web Media customers
Number Affected:
Unknown*
*"a minority" of its customer base according to Vertical Web Media president, Jack Love
Types of Data:
Name, address, email address, phone number, credit card account number and credit card expiration date.
Breach Description:
Vertical Web Media has confirmed that "customer files were recently hacked" via the internet and access was gained to sensitive data pertaining to their customers.
Reference URL:
MediaPost Article
Report Credit:
Douglas Quenqua, MediaPost Communications
Response:
From the online resource mentioned above:
"Jack Love, the Chicago-based company's president, declined to say how many card numbers had been stolen or when the breach occurred, citing an ongoing investigation by the FBI and private investigators. He said only that the stolen files represented "a minority" of its customer base."
"The system "was compromised by a very sophisticated hack in what must have been a hacking ring [utilizing] about half a dozen computers around the world operating in a coordinated fashion," said Love."
[Comfyllama] A "very sophisticated hack" at the hands of a "hacking ring"? Sounds scary almost. Leaves me wanting more details.
"We've been devastated by this, and we've been moving as fast as we can to get this information to our customers so they can protect themselves."
[Comfyllama] Should customers protect themselves from the "hacking ring" or from companies that don't protect their information? I'll elaborate in the commentary.
"Internet Retailer, itself a source of news on the pitfalls and risks involved with e-commerce"
"One letter obtained by MediaPost expresses regret over the incident and advises the customer to have his credit card company re-issue the stolen card with a new number and to obtain credit reports in order to watch for signs of theft. It also includes detailed instructions on how to obtain those free reports."
[Comfyllama] What a hassle! In case the victims had nothing better to do, I suppose.
"The site does not collect CCV numbers--the security codes written on the back of credit cards--which Love said should decrease the chances of the stolen cards being used fraudulently."
[Comfyllama] It could decrease the chances assuming the "hacking ring" is not skilled or determined enough.
Commentary:
As I may have stated before, organizations running an e-commerce site should be held to a higher standard. Vertical Web Media did their best to protect confidential data, but the result is the result. My question is, does Vertical Web Media really need to store credit card information after the verification during a purchase? I guess this is a business question for them.
Past Breaches:
Unknown
We now have wireless internet anywhere at any time, thanks to our over efficient wireless internet providers. The trend of getting a wireless internet booster is catching on too. From a wireless printer to speaker, we have everything going wireless. A wireless card also has the same benefits. There are services like that of cingular wireless, who offer exemplary service deals. They often include a wireless internet booster in their deals as a free benefit.
Date Reported:
9/18/07Organization:
Vertical Web Media
Contractor/Consultant:
Internet Retailer Magazine
Victims:
Vertical Web Media customers
Number Affected:
Unknown*
*"a minority" of its customer base according to Vertical Web Media president, Jack Love
Types of Data:
Name, address, email address, phone number, credit card account number and credit card expiration date.
Breach Description:
Vertical Web Media has confirmed that "customer files were recently hacked" via the internet and access was gained to sensitive data pertaining to their customers.
Reference URL:
MediaPost Article
Report Credit:
Douglas Quenqua, MediaPost Communications
Response:
From the online resource mentioned above:
"Jack Love, the Chicago-based company's president, declined to say how many card numbers had been stolen or when the breach occurred, citing an ongoing investigation by the FBI and private investigators. He said only that the stolen files represented "a minority" of its customer base."
"The system "was compromised by a very sophisticated hack in what must have been a hacking ring [utilizing] about half a dozen computers around the world operating in a coordinated fashion," said Love."
[Comfyllama] A "very sophisticated hack" at the hands of a "hacking ring"? Sounds scary almost. Leaves me wanting more details.
"We've been devastated by this, and we've been moving as fast as we can to get this information to our customers so they can protect themselves."
[Comfyllama] Should customers protect themselves from the "hacking ring" or from companies that don't protect their information? I'll elaborate in the commentary.
"Internet Retailer, itself a source of news on the pitfalls and risks involved with e-commerce"
"One letter obtained by MediaPost expresses regret over the incident and advises the customer to have his credit card company re-issue the stolen card with a new number and to obtain credit reports in order to watch for signs of theft. It also includes detailed instructions on how to obtain those free reports."
[Comfyllama] What a hassle! In case the victims had nothing better to do, I suppose.
"The site does not collect CCV numbers--the security codes written on the back of credit cards--which Love said should decrease the chances of the stolen cards being used fraudulently."
[Comfyllama] It could decrease the chances assuming the "hacking ring" is not skilled or determined enough.
Commentary:
As I may have stated before, organizations running an e-commerce site should be held to a higher standard. Vertical Web Media did their best to protect confidential data, but the result is the result. My question is, does Vertical Web Media really need to store credit card information after the verification during a purchase? I guess this is a business question for them.
Past Breaches:
Unknown
We now have wireless internet anywhere at any time, thanks to our over efficient wireless internet providers. The trend of getting a wireless internet booster is catching on too. From a wireless printer to speaker, we have everything going wireless. A wireless card also has the same benefits. There are services like that of cingular wireless, who offer exemplary service deals. They often include a wireless internet booster in their deals as a free benefit.
Posts Atom 1.0
Doesn't Vertical Web Media have to be VISA compliant if they accept and/or process credit cards?
Reply to this
Yes, according to VISA they are required to be compliant with the PCI Data Security Standard. See here: VISA PCI DSS
Reply to this