Suspected Malware Infected Hannaford Servers
Posted by: Tom
Interesting developments in the Hannaford Supermarket breach that was reported a few weeks ago. Seems that malware infected 300 some servers that were located at each of the stores. This malware was apparently collecting and sending customer credit card data to overseas locations. I like the following part the best:
"Andrew Conry of InformationWeek adds that Hannaford, in addition to the breach, has two related class action lawsuits on its hands alleging negligence in maintaining customer security. And he suggests that there might be some truth to the claims, noting that Hannaford should have noticed that "internal servers were transmitting outside the network to a strange IP. This should've raised flags somewhere--server logs, IDS logs, firewall logs.""
No kidding...this should have triggered an alert somewhere don't you think? Interesting to see this all play out now...
"Andrew Conry of InformationWeek adds that Hannaford, in addition to the breach, has two related class action lawsuits on its hands alleging negligence in maintaining customer security. And he suggests that there might be some truth to the claims, noting that Hannaford should have noticed that "internal servers were transmitting outside the network to a strange IP. This should've raised flags somewhere--server logs, IDS logs, firewall logs.""
No kidding...this should have triggered an alert somewhere don't you think? Interesting to see this all play out now...
Hannaford Brothers Credit Card Breach
Posted by: agent0x0
Another day...another credit card breach!
This time 4.2 million credit cards were exposed. I personally smell a bit of TJX in this one...
"The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization," said Hannaford CEO Ron Hodge, in a statement posted to the company's Web site.
The key phrase being "transmission of card authorization". Sniffed? Bad Wifi security? Only time will tell...much speculation at this point. However, Securosis.com has some good speculation about what might have happened.
This time 4.2 million credit cards were exposed. I personally smell a bit of TJX in this one...
"The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization," said Hannaford CEO Ron Hodge, in a statement posted to the company's Web site.
The key phrase being "transmission of card authorization". Sniffed? Bad Wifi security? Only time will tell...much speculation at this point. However, Securosis.com has some good speculation about what might have happened.
Free Identity Theft Prevention Materials
Posted by: agent0x0
Did you know that you can order free identity theft materials from the Federal Trade Commission? The FTC has a really good program called "Deter, Detect, Defend" to help educate the public about identity theft. They offer free bulk orders of pamphlets, handouts, and other paraphernalia to distribute to your company, friends, family, etc...great if you want to get good material for a security awareness program to distribute. There is a ton of good material to order, not just about identity theft, but about social networking dangers and safe web browsing among many other topics (many computer security related topics).
They even have a pre-made pdf's and PowerPoint slides that are complete and ready to download, great if you are conducting any speeches or talks about identity theft.
You can order this free material directly from the FTC's web site here.