[Dataloss] FBI: No credit card data breach in N.H. state server case

[lyger]

http://www.computerworld.com/securitytopics/security/holes/story/0,10801,110612,00.html

News Story by Todd R. Weiss

APRIL 17, 2006 (COMPUTERWORLD) - An FBI investigation has concluded that 
no consumer credit or debit card information was stolen from a New 
Hampshire state computer server in February because a suspect Cain & Abel 
password recovery program found on the hardware had never been activated.

In an announcement on Friday, New Hampshire Attorney General Kelly Ayotte 
said that the FBI probe determined that no data theft occurred because the 
program, which can be misused by hackers for malicious purposes, was never 
run. "As a result of this finding, the state has concluded that it is very 
unlikely that any credit card or debit card information was accessed by 
identity thieves," Ayotte said in a statement.

The FBI, the U.S. Department of Justice and New Hampshire officials began 
investigating the potential security breach after Cain & Abel was found on 
a state server during a routine security check two months ago (see .N.H. 
Breach May Have Exposed Credit Card Data.). The New Hampshire Division of 
Motor Vehicles and the state Veterans Home used the server to transmit 
financial information, while the New Hampshire Liquor Commission used it 
as a backup for sales transactions. The server held only credit card 
numbers; no other personal information was stored on it, officials said.

[...]