Friday, February 10, 2006

Security Breach Exposes CC Details of 200,000

Some of you may have heard about the data-security breach that resulted in numerous people having their debit cards cancelled this week. What happened? How big is the problem?

Details are still coming to light, but right now it sounds something like this:

A pretty big office-supply retailer was hacked and exposed the credit information of perhaps 200,000 people.

Bank of America, Wells Fargo and other banks were alerted by Visa and MasterCard to take security actions for those card holders.

Let’s remember, this isn't some stolen backup tape or a street thief wanting quick money on a laptop... it sounds like a real hacker that targeted the data storage of this retailer. This is my take on the issue and may not be true, but check these quotes from SFGate.com:

1) Banking industry sources said they were notified last month by Visa and MasterCard that the computer system of a prominent merchant had been penetrated by a computer hacker, and that account information for thousands of customers had been endangered.

2) Rosetta Jones, a spokeswoman for Visa USA, acknowledged Thursday that the incident involved a U.S. merchant that "may have experienced a data security breach resulting in the compromise of Visa card account information."

3) Sharon Gamsin, a spokeswoman for MasterCard International, said the credit card company had been informed of "a potential security breach at a U.S.-based retailer."

Sounds pretty serious. Visa, MasterCard, BofA and Wells Fargo seem to be reacting as required and expected. Issuing new cards and watching accounts is standard for a security breach of this nature and is the correct step for customer protection.

So what's the big deal? The "Unknown" retailer is the deal right now.

California SB 1386 requires an agency, person or business that conducts business in California and owns or licenses computerized 'personal information' to disclose any breach of security (to any resident whose unencrypted data is believed to have been disclosed).

So if the above is true, then we can assume one of the following:

1) The "Unknown" retailer has no business in California and therefore is not bound by SB 1386.

2) They are bound by the law but all credit information exposed was encrypted.

3) They are bound by the law and they will disclose this breach in due time.

4) They are bound by the law and not following it as it was intended.

Someone needs to find out... and I would guess that we will all have more information very shortly. Keep your eyes out for this one.

Again, take this whole article with a grain of salt because information will change.
