Two Lincoln area golf courses respond to breach of credit/debit card information


Date Reported:
9/20/10

Organization:
The Lodge at Wilderness Ridge
Hidden Valley Golf Club

Contractor/Consultant/Branch:
None

Location:
Lincoln, Nebraska area

Victims:
Customers

Number Affected:
"more than 200"

Types of Data:
Credit and debit card information

Breach Description:
"Two Lincoln golf courses and a restaurant say they are the sources of more than 200 credit and debit card numbers stolen recently from Lincoln-area residents."

Reference URL:
Office of Inadequate Security
Lincoln Journal Star
Security Breach at Wilderness Ridge

Report Credit:
Lincoln Journal Star via the Office of Inadequate Security

Response:
From the online sources cited above:

Two Lincoln golf courses and a restaurant say they are the sources of more than 200 credit and debit card numbers stolen recently from Lincoln-area residents.
[Evan] I can't resist taking a poke at a buddy of mine who works with me here at FRSecure.  He loves to golf.  I mean he really loves to golf!  Let's hope that the courses he visits protect his credit card information better than these two.

In a news release Friday, Wilderness Ridge golf course and restaurant, 1800 Wilderness Woods Place, and Hidden Valley Golf, 10501 Pine Lake Road, announced they had uncovered a security breach that exposed the card numbers of its recent customers.
[Evan] Not really so "recent".  As you'll read later on in this post, one customer claims to have last been at one (or both) of these establishments in March.

"All offending systems were immediately shut down," the release said.
[Evan] This is not necessarily a good idea without a thorough forensic investigation.  There could be critical evidence stored in volatile parts of systems (memory, temporary files, network connections, etc.).  Unless the damage is actively occurring and/or spreading, I do not suggest shutting down systems.

It's not clear how far back the breach stretched.

Lincoln Police Chief Tom Casady said one affected cardholder hadn't been to either business since March.

As of Friday morning, police had taken 225 reports of credit and debit card fraud they believe to be connected, Officer Katie Flood said.

Police suspect the number of victims to be far greater because some people have chosen to handle the fraud through their banks instead of filing police reports.
[Evan] I agree, especially if there is the possibility that this fraud goes back as far as March.

The card numbers were used to buy everything from gift cards to plane tickets to clothes at stores all over the world.
[Evan] You may be wondering how this could be (maybe not).  There is a market for stolen credit and debit card information.  When this type of fraud happens in bulk (as is the case here), the person (or persons) who steals the information is rarely the person who uses it.  In this case, like so many others, the information is stolen and sold.  This may take place several times before a person eventually uses the information to purchase goods and services.

"I'm aware of other cases that are out there that the victims have not reported to the Lincoln Police Department," Casady said.

The department's technical investigations unit had been working to trace the source of the stolen numbers since at least Sept. 17.

Casady said they still aren't sure who stole and used the numbers.

"I'm hopeful that we'll be able to find more information out about this as time goes on," he said. "We'd like to pin down exactly how the security breach occurred."

The businesses involved have cooperated, the chief said.

"We have engaged a computer security firm using state-of-the-art forensic processes to assist in the investigation and identify any additional security issues," Wilderness Ridge and Hidden Valley said in their joint release.
[Evan] There are many computer security firms who claim to use "state-of-the-art" technologies and processes, which is fine.  Too many times we see people forget about the basic technologies and processes.  The basics are far more important than "state-of-the-art".  Basic processes that may have been missed occurred when someone decided to "immediately shut down" and "take immediate steps to secure our systems."  Both of these missing basics could easily jeopardize a thorough forensic investigation.
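
The point made above about shutting systems down before volatile evidence is captured can be made concrete. The following is an added example, not part of the original post or of the businesses' response: a POSIX shell triage script that records network connections, processes, logged-in users and temporary-file listings, then hashes each output so later alteration is detectable. The function names, output file names and the choice of a Unix-like host are assumptions; the page does not say what systems were involved.

```shell
#!/bin/sh
# Added example: record volatile state of a Unix-like host before power-off.
# A full memory image needs a dedicated acquisition tool and should be taken
# first; this covers the other volatile sources the post names.
# OUTDIR is assumed to be on external or remote media, not the suspect disk.

# capture OUTDIR NAME CMD [ARGS...]: save CMD output, or note why it is absent
capture() {
    out="$1/$2.txt"; shift 2
    if command -v "$1" >/dev/null 2>&1; then
        "$@" >"$out" 2>&1 || echo "exit status $? from: $*" >>"$out"
    else
        echo "not available on this host: $1" >"$out"
    fi
}

# hash_file FILE: print a SHA-256 line with whichever tool is installed
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# collect_volatile OUTDIR: capture in rough order of volatility, then hash
collect_volatile() {
    dir="$1"
    mkdir -p "$dir" || return 1
    capture "$dir" 00_time date -u
    if command -v ss >/dev/null 2>&1; then
        capture "$dir" 01_connections ss -tanup
    else
        capture "$dir" 01_connections netstat -an
    fi
    capture "$dir" 02_processes ps -ef
    capture "$dir" 03_users who -a
    capture "$dir" 04_tmpfiles ls -la /tmp /var/tmp
    for f in "$dir"/*.txt; do hash_file "$f"; done >"$dir/MANIFEST.sha256"
}

# verify_manifest OUTDIR: succeed only if every capture still matches its hash
verify_manifest() {
    for f in "$1"/*.txt; do hash_file "$f"; done | cmp -s - "$1/MANIFEST.sha256"
}

# Run only when an output directory is given on the command line
if [ "$#" -gt 0 ]; then
    collect_volatile "$1" && verify_manifest "$1"
fi
```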

From the joint press release:

Wilderness Ridge and Hidden Valley Golf have uncovered a security breach that has exposed credit and debit card information of our recent customers.

We apologize for any inconvenience that this may have caused any of our customers and regret any inconvenience this has caused.

We have taken immediate steps to secure our systems.

Law enforcement officials have been notified and we are cooperating fully to identify and prosecute perpetrators.

Additionally, we have engaged a computer security firm using state-of-the-art forensic processes to assist in the investigation and identify any additional security issues.

All offending systems were immediately shut down.

We encourage all recent customers who have used credit or debit cards with us to contact their card issuer to determine if there has been any suspicious activity on their account, and to place a fraud alert in their credit file. (A fraud alert requires creditors to contact you before opening any new accounts in your name or making any changes to your existing accounts.)

Commentary:
Your guess is as good as mine as to how this fraud occurred, based on the limited amount of information we have available.  Was this a network-based compromise?  Was this an inside job?  Was this a malware (virus, trojan, etc.) attack?  We can only speculate.  

What we do know is that there was a significant vulnerability present in their systems and/or processes that was compromised/exploited.  Did the organization(s) have any clue that they were vulnerable?  Maybe they knew they were vulnerable, but did not know or quantify to what extent.  As it turns out, these organizations will likely pay considerably more in response efforts than they would have in assessment and prevention.

The post was written by Evan Francen, President of FRSecure


Past Breaches:
Unknown
