Davey Winder
Tuesday, 28 July 2009 16:57
Business IT -
Security
More than half a million credit cards could have been compromised after unauthorised code was discovered on major merchant website host servers.
Network Solutions
is nothing less than a huge web hosting outfit, with a global customer
base covering some 7 million domains and more than 350,000 web sites.
Which is why, when it announces that some of
its servers have been breached and unauthorised codes uncovered upon
them, it's potentially a huge concern. Especially given the average
cost to a company of a single breach is put at
more than USD 6 million.
Indeed, given the fact that this code which impacted upon more than
4300 of its merchant websites had the potential to transfer data, and
during the period between 12th March and 8th June (when the discovery
was made) Network Solutions admits that more than half a million card
holder transactions could have been copied, I'd say that huge is almost
too small a word for it.
In a statement the company says that during the ordinary course of
business it "identified unauthorized code on servers supporting some of
our E-Commerce merchants’ websites. We promptly removed this code, and
all of our E-Commerce servers are functioning properly. No servers
supporting networksolutions.com were affected."
The company then goes on to admit that after conducting analysis with
he help of external experts "we determined that the unauthorized code
may have been used to transfer data on certain transactions for
approximately 4,343 of our more than 10,000 merchant websites to
servers outside the company."
Those experts informed Network Solutions on July 13th that this data
may have included credit card information, and may have captured
transaction data from approximately 573,928 card holders. "Exposure
varied by merchant" Network Solutions says, adding that it has
"notified law enforcement and are working closely with them on the
investigation."
"At this point, we have no reports or other reasons to believe that any
credit card account information has been misused and, under established
practice, credit card issuing companies generally will not hold our
merchants’ customers liable for any fraudulent purchases made using
their credit card account numbers that are reported in a timely way to
the issuer" a Network Solutions spokesperson says.
If you have a merchant account with Network Solutions then you are
being encouraged to visit a website established by the company with
further information at:
www.careandprotect.com
If you are a credit card holder then keep an eye on your statements for
purchases you did not make, just in case these numbers get out into the
wild where a
thriving black market exists.