[Dataloss] Two weeks to contain a security breach?!?!? (fwd)
Roy M. Silvernail
roy at rant-central.com
Tue Mar 18 22:29:09 UTC 2008
security curmudgeon wrote:
>
> ---------- Forwarded message ---------- From: Richard M. Smith
> <rms at computerbytesman.com>
>
> "Hannaford became aware of the breach Feb. 27. Investigators later
> discovered that the data breach began on Dec. 7; it wasn't contained
> until March 10, said Carol Eleazer, Hannaford's vice president of
> marketing in Scarborough."
Speaking as someone who is at risk from this breach (I shop at Hannaford
weekly, if not more often), I have to wonder about one detail that has
been mentioned but not extensively discussed.
Hannaford's web site has a sort-of press release that includes this quote:
> The intrusion affected Hannaford stores, Sweetbay stores in Florida
> and certain independently-owned retail locations in the Northeast
> that carry Hannaford products.
Why would "independently-owned retail locations... that carry Hannaford
products" settle their credit card transactions over Hannaford's
network? I would expect that an independent retailer would be settling
credit card transactions over their bank's system, or perhaps using a
consolidation broker.
Am I just naive?
--
Roy M. Silvernail is roy at rant-central.com, and you're not
"It's just this little chromium switch, here." - TFT
http://www.rant-central.com
More information about the Dataloss
mailing list