Tuesday, July 28, 2009

Network Solutions Data Breach

If you use Network Solutions for your card processing, you should read this. It is possible that thousands of merchants and unknown numbers of cardholders will be affected. According to thecompany:

In the ordinary course of business, Network Solutions identified unauthorized code on servers supporting some of our E-Commerce merchants’ websites. We promptly removed this code, and all of our E-Commerce servers are functioning properly. No servers supporting networksolutions.com were affected.

After conducting an analysis with the assistance of outside experts, we determined that the unauthorized code may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant websites to servers outside the company. On July 13, 2009, we were informed by our outside forensic experts that the data being transferred may have included credit card information. The code may have captured transaction data from approximately 573,928 cardholders for certain periods this spring

This breach is sure to re-ignite the "Compliant when Compromised" argument -- Network Solutions claims they were PCI compliant at the time of the breach (see here).

We all should recognize that at this time we don't know everything, but if you think you might be affected check out the Network Solutions statement.

No comments:

Post a Comment