Intrusion at Okemo Mountain Resort exposes customers

Date Reported:
3/31/08

Organization:
Okemo Mountain Resort

Contractor/Consultant/Branch:
None

Victims:
Customers

Number Affected:
46,569

Types of Data:
"credit card data including cardholder names, account numbers and expiration dates"

Breach Description:
"Okemo Mountain Resort said Monday that hackers broke into its computer network and potentially gained access to credit card data from 28,168 transactions between Feb. 7 and Feb. 22 and 18,401 credit cards between January and March 2006."

Reference URL:
Okemo Mountain Resort News Release
Barre-Montpelier Times Argus
BusinessWeek
WTNH Channel 8 News

Report Credit:
Okemo Mountain Resort

Response:
From the online sources cited above:

Okemo Mountain Resort today announced that it has been a recent target of criminal efforts to gain access to credit data by infiltration of its computer network at Okemo Mountain Ski Area.

Okemo believes the intruder gained potential access to credit card data including cardholder names, account numbers and expiration dates.

An expert in data security and forensics hired by Okemo to assist in the investigation and response to the incident has informed Okemo that its computer system was improperly accessed by an outside party for a 16 day period between February 7, 2008 and February 22, 2008.

Affected consumers potentially include those who used their credit cards at Okemo during such dates as well as those who did so from January through March of 2006.

The forensic review determined that the intruder may have accessed credit card data from up to 28,168 credit card transactions processed at Okemo during the 16 day period in February. The actual number of credit card holders involved in the transactions is likely to be smaller because multiple transactions may have been processed on a single card.

In addition, there may have been access to 18,401 individual credit cards used at Okemo from January through March 2006, many of which are believed to have expired.

Okemo spokeswoman Bonnie MacPherson said Monday the company has not heard of any customers subjected to fraud as a result of the breach.

Upon discovery of this intrusion, Okemo promptly initiated security measures to block the infiltration and protect any personal information transmitted through its system from any further unauthorized access.
[Evan] How do you suppose Okemo discovered this intrusion?  Did a customer report unauthorized charges?  Was the incident stumbled upon or detected during information security reviews of critical systems?

Okemo has provided notice to Visa, MasterCard and American Express and is cooperating fully with the credit card companies to notify potentially affected cardholders.

Okemo does not have sufficient information to directly contact cardholders.

Okemo has been informed that the banks, which issued the credit cards, will be provided with information necessary to notify their cardholders.

Okemo has also notified law enforcement and is providing notice to State Attorneys General and appropriate regulatory agencies.

Okemo will continue to carefully monitor the security of its systems moving forward.
[Evan] Okemo (and all organizations) should "carefully monitor the security of its systems" continually. This "should" go without saying, especially for systems that are used in the collection, creation, storage, or transmission of confidential information.

Okemo has been advised by Federal law enforcement officials that the matter is currently under investigation.

Okemo will provide updates on this incident on its website: www.okemo.com.  For further information or assistance, cardholders are encouraged to call the following Toll Free Number, 1-.  Okemo can also be contacted at Okemo Mountain Resort, 77 Okemo Ridge Road, Ludlow, VT 05149.

"As a result of this, we've increased the firewall capability and added some software and taken some additional precautions," she said. (Okemo spokeswoman Bonnie MacPherson)
[Evan] Huh?

Commentary:
I appreciate Okemo's news release.  Some of the things that I didn't notice were an apology to the affected consumers, any words from Okemo leadership or any details about how this breach occurred.

Intrusions are coming in bunches lately.

Past Breaches:
Unknown


 