[Dataloss] IN: Hacker gets state credit card info
B.K. DeLong
bkdelong at pobox.com
Sat Feb 10 07:21:56 EST 2007
Another PCI DSS violation. It will be interesting to see if any action
is taken. I believe most states qualify as Tier 1 merchants....
On 2/10/07, lyger <lyger at attrition.org> wrote:
>
> http://www.fortwayne.com/mld/journalgazette/16667910.htm
>
> State technology officials sent letters Friday to 5,600 people and
> businesses informing them that a hacker obtained thousands of credit card
> numbers from the state Web site.
>
> Although numbers are usually encrypted or shortened to the last four
> digits, the Office of Technology conceded a technical error allowed the
> full credit card numbers to remain on the system and be viewed by the
> intruder.
>
> "Like thousands of web sites, the state's web site is constantly under
> attack from hackers," the letter said. "To repel these attacks, the state
> has implemented the highest levels of security and submitted itself to
> regular independent audits to ensure that data is safeguarded".
>
> [...]
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
> Tracking more than 146 million compromised records in 566 incidents over 7 years.
>
>
>
--
B.K. DeLong (K3GRN)
bkdelong at pobox.com
+1.617.797.8471
http://www.wkdelong.org Son.
http://www.ianetsec.com Work.
http://www.bostonredcross.org Volunteer.
http://www.carolingia.eastkingdom.org Service.
http://bkdelong.livejournal.com Play.
PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE
FOAF:
http://foaf.brain-stream.org
More information about the Dataloss
mailing list