Network Solutions Suffers Large Data Breach
File Under “Faulty Plumbing”: For nearly three months, malware planted by hackers on servers operated by Network Solutions intercepted more than 573,000 credit and debt card numbers used to services rendered by the domain registration and hosting service provide.
According to a report by the Washington Post’s Security Fix blog, the breach occurred sometime around March 12. Hackers inserted code on Network Solutions’ servers that sniffed customer credit card number and personal identifying information. The breach affected account holders of Network Solutions domain registration and Web services, as well as numerous online retailers that utilize the company’s hosting and online payment services.
Network Solutions doesn’t know how the hackers penetrated its security or the origins of the attack. A company spokesperson told Security Fix that they feel “terrible” about the impact the breach will have on individual and business customers. Network Solutions is working with law enforcement officials, and is covering the notification of customers of its affected retailers. It’s also offering to cover the 12-month cost of credit monitoring services of affected customers.
It should come as no surprise that hackers targeted Network Solutions, since it support so many business clients and provides online payment processing services. While everyone knows about the massive breaches against TJX (94 million credit cards) and Hanniford Supermarkets (4 million), the payment processors themselves are increasingly under attack.
By comparison, the Network Solutions breach is relatively small. In 2005, CardSystems Solutions, a processor of Visa and MasterCard payments, suffered a massive breach that exposed more than 40 million credit card numbers. In January, Heartland Payment Systems disclosed that a network breach may have exposed more than 100 million credit cards.
Incidents such as Network Solutions just go to show that whenever you accept and hold credit card information, you’re paint a huge target on your network. It then becomes incumbent upon the organization to measure its threat level and practice appropriate risk management practices to reduce the probability of a data breach.
Related posts:
