[Dataloss] Consumers of Hannaford Brothers Co. Supermarkets File Class Action Suit
Jamie C. Pole
jpole at jcpa.com
Thu Mar 20 02:05:05 UTC 2008
Agreed, but many of the 4.2 million compromised card numbers will be
re-issued anyway. Even if there was no fraudulent activity associated
with the account. There is most definitely a cost associated with
those re-issues, and I can promise that Hannaford (and any other party
involved in the breach) will be made to bear much, if not all of that
cost.
My original point was that this was not a simple case of some script
kiddie (maybe Mitnick is having a relapse?) accidentally breaching a
system with a poor security posture. Most of those cases never result
in financial fraud because the perpetrator either didn't realize what
he/she accessed, or just wasn't looking for credit card numbers.
This case is different because there have already been cases of
financial fraud with credit card numbers stolen from Hannaford.
And I FIRMLY believe that whatever organization signed off on
Hannaford's PCI compliance bears part of the responsibility.
Jamie
On Mar 19, 2008, at 9:05 PM, Sasha Romanosky wrote:
Well, careful. If victims need to demonstrate actual financial loss,
fraudulent charges covered by the credit card company may not be
considered.
That being said, let's look at what we know about choicepoint:
. Fined $10M by FTC for violating fair credit reporting act, and $5M trust fund for consumer redress,
. $500k toward public education campaigns about identity theft
. Paid $500k for state legal fees
. $10M shareholder lawsuit
For a total of $26M (from around 160k records)
So the claim of 1800 reported cases of identity theft (which may or may not
have resulted in actual loss) may be the least of their worries.
cheers,
sasha
-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of Jamie C. Pole
Sent: Wednesday, March 19, 2008 8:41 PM
To: dataloss-bounces at attrition.org; dataloss at attrition.org
Subject: Re: [Dataloss] Consumers of Hannaford Brothers Co.
Supermarkets File Class Action Suit
Let's also consider the possibility that Hannaford WAS using
the tool correctly, and that it just didn't work as advertised.
As far as the law firm being on the ball, trust me, they are.
I know this firm well, and they will absolutely include
Rapid7 in their discovery process. If I was senior
management at Rapid7, I would NOT be sleeping well right now.
The kiss of death in this case is going to be the fact that
there have been around 1800 reported cases of fraud stemming
from the incident. This was not an accident.
Jamie
-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org]
On Behalf Of Mike Simon
Sent: Wednesday, March 19, 2008 6:47 PM
To: lyger; dataloss-bounces at attrition.org; dataloss at attrition.org
Subject: Re: [Dataloss] Consumers of Hannaford Brothers Co.
Supermarkets File Class Action Suit
This could not be a better example of why companies hesitate
to disclose details. If this law firm is on the ball, they
will get access to the exchange with Rapid7 which, according
to the press release changes, indicates potential additional
negligence in that they had a tool that may have prevented
this problem and failed to use it properly. Not a helpful
disclosure for Hannaford with respect to the class action.
Mike
_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss
Tenable Network Security offers data leakage and compliance
monitoring solutions for large and small networks. Scan your
network and monitor your traffic to find the data needing
protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml