Re: [Dataloss] IN: Hacker gets state credit card info

From: DAIL, ANDY (ADAILsunocoinc.com)
Date: Mon Feb 12 2007 - 09:23:07 CST


I seriously doubt that Visa, MasterCard, or any other issuer would be
insane enough to issue a fine to a state government. The state can
easily legislate around any attempt by an issuer to fine them, and can
even reverse the situation if they choose, and back up their threats
with the State's monopoly on violence.

I suspect, in the case of State entities, they'll just quietly try to
correct the problem and everyone (except the data loss victims) will be
happy.

-----Original Message-----
From: dataloss-bouncesattrition.org
[mailto:dataloss-bouncesattrition.org] On Behalf Of B.K. DeLong
Sent: Saturday, February 10, 2007 6:43 AM
To: lyger
Cc: datalossattrition.org
Subject: Re: [Dataloss] IN: Hacker gets state credit card info

Which reminds me - I'm going to be my annoying self and suggest we start
tracking confirmed compliance violations. We know TJX violated PCI and
the Indiana case certainly does.

It would be interesting to also note if action is taken since there is
an increasing realization that compliance laws and standards aren't
really being enforced - much to the frustration of companies spending
thousands to millions of dollars on meeting these laws/standards.

On 2/10/07, B.K. DeLong <bkdelongpobox.com> wrote:
> Another PCI DSS violation. It will be interesting to see if any action
> is taken. I believe most states qualify as Tier 1 merchants....
>
> On 2/10/07, lyger <lygerattrition.org> wrote:
> >
> > http://www.fortwayne.com/mld/journalgazette/16667910.htm
> >
> > State technology officials sent letters Friday to 5,600 people and
> > businesses informing them that a hacker obtained thousands of credit
> > card numbers from the state Web site.
> >
> > Although numbers are usually encrypted or shortened to the last four
> > digits, the Office of Technology conceded a technical error allowed
> > the full credit card numbers to remain on the system and be viewed
> > by the intruder.
> >
> > "Like thousands of web sites, the state's web site is constantly
> > under attack from hackers," the letter said. "To repel these
> > attacks, the state has implemented the highest levels of security
> > and submitted itself to regular independent audits to ensure that
> > data is safeguarded".
> >
> > [...]
> > _______________________________________________
> > Dataloss Mailing List (datalossattrition.org)
> > http://attrition.org/dataloss Tracking more than 146 million
> > compromised records in 566 incidents over 7 years.
> >
> >
> >
>
>
> --
> B.K. DeLong (K3GRN)
> bkdelongpobox.com
> +1.617.797.8471
>
> http://www.wkdelong.org Son.
> http://www.ianetsec.com Work.
> http://www.bostonredcross.org Volunteer.
> http://www.carolingia.eastkingdom.org Service.
> http://bkdelong.livejournal.com Play.
>
>
> PGP Fingerprint:
> 38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE
>
> FOAF:
> http://foaf.brain-stream.org
>

--
B.K. DeLong (K3GRN)
bkdelongpobox.com
+1.617.797.8471

http://www.wkdelong.org Son.
http://www.ianetsec.com Work.
http://www.bostonredcross.org Volunteer.
http://www.carolingia.eastkingdom.org Service.
http://bkdelong.livejournal.com Play.

PGP Fingerprint:
38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE

FOAF:
http://foaf.brain-stream.org
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss Tracking more than 146 million compromised
records in 566 incidents over 7 years.
