Network Solutions breach exposes 573,928 credit cards

Davey Winder
Tuesday, 28 July 2009 16:57

Business IT - Security

More than half a million credit cards could have been compromised after unauthorised code was discovered on major merchant website host servers.

Network Solutions is nothing less than a huge web hosting outfit, with a global customer base covering some 7 million domains and more than 350,000 web sites.

Which is why, when it announces that some of its servers have been breached and unauthorised codes uncovered upon them, it's potentially a huge concern. Especially given the average cost to a company of a single breach is put at more than USD 6 million.

Indeed, given the fact that this code which impacted upon more than 4300 of its merchant websites had the potential to transfer data, and during the period between 12th March and 8th June (when the discovery was made) Network Solutions admits that more than half a million card holder transactions could have been copied, I'd say that huge is almost too small a word for it.

In a statement the company says that during the ordinary course of business it "identified unauthorized code on servers supporting some of our E-Commerce merchants’ websites. We promptly removed this code, and all of our E-Commerce servers are functioning properly. No servers supporting networksolutions.com were affected."

The company then goes on to admit that after conducting analysis with he help of external experts "we determined that the unauthorized code may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant websites to servers outside the company."

Those experts informed Network Solutions on July 13th that this data may have included credit card information, and may have captured transaction data from approximately 573,928 card holders. "Exposure varied by merchant" Network Solutions says, adding that it has "notified law enforcement and are working closely with them on the investigation."
 
"At this point, we have no reports or other reasons to believe that any credit card account information has been misused and, under established practice, credit card issuing companies generally will not hold our merchants’ customers liable for any fraudulent purchases made using their credit card account numbers that are reported in a timely way to the issuer" a Network Solutions spokesperson says.

If you have a merchant account with Network Solutions then you are being encouraged to visit a website established by the company with further information at: www.careandprotect.com

If you are a credit card holder then keep an eye on your statements for purchases you did not make, just in case these numbers get out into the wild where a thriving black market exists.