WesternUnion.com back online after theft of credit-card data

September 14, 2000

By Todd R. Weiss, Computerworld

http://www.infoworld.com/articles/hn/xml/00/09/14/000914hnwest.html



The web site of telegram and money-transfer company Western Union Holdings went back online Wednesday, five days after a malicious hacker broke into the site and apparently copied the credit-card or debit-card numbers of about 15,700 Western Union customers.

Peter Ziverts, a spokesman at WesternUnion.com, in Englewood, Colo., said getting the Web site back online took two days longer than company officials originally expected after discovering the security breach during a scheduled audit of the site performance last Saturday.

"It was just our focus to be sure that when [the site] went back up, it was safe and secure," Ziverts said. Before the site went back online, he added, its security features were fortified by WesternUnion.com's developers in an effort to ensure that customer data doesn't get compromised again.

Western Union previously said the security breach that opened up access to the credit-card data was caused by "human error" during routine maintenance and performance management testing work on the Web site, which had been upgraded in June to allow users to send money over the Internet. A key file apparently was left unprotected after the work was done, creating a security hole that could be used to enter the site.

After the breach was discovered, Western Union officials immediately shut down the Web site and began contacting customers who had transferred money online to notify them of the incident. It also informed the National Bankcard Association in an attempt to circumvent any fraudulent use of the stolen card numbers. Ziverts yesterday said no illegal attempts to buy goods had been reported thus far.


main page ATTRITION feedback