[Infowarrior] - Network Solutions Hack Compromises 573, 000 Credit, Debit Accounts

Fri Jul 24 23:45:28 UTC 2009

(c/o Jericho)

Network Solutions Hack Compromises 573,000 Credit, Debit Accounts
http://voices.washingtonpost.com/securityfix/2009/07/network_solutions_hack_comprom.html
Hackers have broken into Web servers owned by domain registrar and  
hosting provider Network Solutions, planting rogue code that resulted  
in the compromise of more than 573,000 debit and credit card accounts  
over the past three months, Security Fix has learned.

Herndon, Va. based Network Solutions discovered in early June that  
attackers had hacked into Web servers the company uses to provide e- 
commerce services - a package that includes everything from Web  
hosting to payment processing -- to at least 4,343 customers, mostly  
mom-and-pop online stores. The malicious code left behind by the  
attackers allowed them to intercept personal and financial information  
for customers who purchased from those stores, Network Solutions  
spokeswoman Susan Wade said.

Wade said the company is working with federal law enforcement and a  
commercial data breach forensics team to determine the cause and  
source of the break-in. The payment data stolen was captured from  
transactions made between March 12, 2009 and June 8, 2009.

On Friday, Network Solutions began notifying affected customers by e- 
mail and postal mail. Due to the potential high cost of notifying  
individual victims, the hosting company is offering to handle the  
notification of affected customers of the breached online stores.  
Forty-five states and the District of Columbia have enacted laws  
requiring organizations to notify consumers when a data breach or loss  
jeopardizes the security of personal and financial data, but the rules  
for complying with those laws differ from state to state.

"We feel terribly about it to burden them with the notification  
process, which can be kind of tricky because there is no one federal  
data breach statute," Wade said.

Network Solutions also is offering to pay for 12 months of credit  
monitoring service through Trans Union for each consumer whose  
financial and personal data was compromised. 