Network Solutions Breach Is Handled Well

By: Absolute Team | 8/6/2009

Who Breached: Network Solutions
Number Affected: 500,000+
Information breached: Credit card information
How: hacked

As the result of a hacker penetrating their e-commerce system, Network Solutions has determined that approximately 573,938 credit card holders may have had their data transfered. The company detected that hackers had placed unauthorized code on servers for some e-commerce merchants' websites, and that this code may have been used to transfer data on some transactions. The credit card data was encrypted and PCI-compliant, and it is currently unknown how the malicious code entered the system.

From their news report:

The unauthorized code may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant websites to servers outside the company. On July 13, 2009, we were informed by our outside forensic experts that the data being transferred may have included credit card information. The code may have captured transaction data from approximately 573,928 cardholders for certain periods this spring.

Merchants and their customers are currently being notified. Network Solutions has additionally put together an informational website for their merchants at Consumer information is also included there for reference. They have included a blog in the website to answer questions that have arisen in the last week.

The quick and forthright response by Network Solutions has been quite impressive. They seem very keen to answer questions and be public with their responses. In addition, they have offered to foot the bill for customer notification, rather than those costs falling to the merchants affected.

Other notable data breaches from July:

  • HSBC Life, Lost Media, 180,000 affected (read more)
  • University of California San Diego Moores Cancer Center, Hack, 30,000 affected
  • LexisNexis, possible organized crime, >13,000 (read more)
  • Alberta Health Services Edmonton, Virus, >11,000 (read more)

Via datalossdb, the register,

Financial Services