Hacker gains access to Bisons fans' Web data

March 2004, 2006

By Stephen T. Watson, The Buffalo News


A computer hacker recently gained access to sensitive financial information - including credit card numbers - on the Buffalo Bisons' Web site, the team is warning its customers.

The Secret Service, with the assistance of the FBI, is investigating the security breach, which occurred last month. So far, the Bisons say they have no indication that the intruder has misused any of the ill-gotten data.

The team has set up a toll-free number for people to call for more information and has notified the four credit card companies that are involved.

"We apologize for any inconvenience this situation has caused any of our fans," the team said in a statement.

Choice One Online, which hosted the Bisons' Web site at the time of the breach, said that it has hired the VeriSign global Internet security firm to conduct its own investigation into the security breach.

"VeriSign did confirm that we caught it early enough that damage, if any, will be next to nothing," said Keith Radford Jr., director of Choice One Online.

Employees of the Bisons and Choice One noticed the breach about Feb. 13, according to the team and Radford.

An intruder got into the Choice One system and uploaded a program that gave this person access to names, passwords, financial data and other information collected from customers who ordered items through Bisons.com, the Bisons said in a letter to customers.

The intruder accessed the information on the Bisons' Web site, the Bisons said, but so far, there is no evidence that this information was misused in any way.

The Bisons are cooperating in the investigation by the federal agencies and by VeriSign, according to the team's statement.

The Bisons mailed out the letters to any potentially affected Web customers shortly after learning of the breach, said Mike Buczkowski, the team's general manager. He would not say how many customers might have been affected.

The Bisons and Choice One changed their passwords and shut down the computer servers that were infiltrated, and the team notified American Express, Discover, MasterCard and Visa about the breach.

The Bisons are warning their Internet customers to monitor statements from their financial institutions and notify their credit card or debit card companies that their accounts might have been compromised. The toll-free number the team set up for customers is (800) 380-1447.

Choice One, a Buffalo Internet services company, said the VeriSign investigation will show the full extent of the damage caused by the breach, which Radford described as "minimal."

The company is beefing up its security measures in response to the incident, he said.

Choice One and the Bisons no longer are working together, a move that Buczkowski said is not related to the security breach.

The team last July began talking with Major League Baseball Advanced Media about hosting the Bisons' Web site, he said, and the switch went into effect last month.

[an error occurred while processing this directive]