Network Solutions Suffers Large Data Breach
File Under “Faulty Plumbing”: For nearly three months, malware planted by hackers on servers operated by Network Solutions intercepted more than 573,000 credit and debt card numbers used to services rendered by the domain registration and hosting service provide. >> UPDATE: Network Solutions Say Only eCommerce Customers Affected by Breach According to a report by the Washington Post’s Security Fix blog, the breach occurred sometime around March 12. Hackers inserted code on Network Solutions’ servers that sniffed customer credit card number and personal identifying information. The breach affected accountholders of Network Solutions domain registration and Web services, as well as numerous online retailers that utilize the company’s hosting and online payment services. Network Solutions doesn’t know how the hackers penetrated its security or the origins of the attack. A company spokesperson told Security Fix that they feel “terrible” about the impact the breach will have on individual and business customers. Network Solutions is working with law enforcement officials, and is covering the notification of customers of its affected retailers. It’s also offering to cover the 12-month cost of credit monitoring services of affected customers. It should come as no surprise that hackers targeted Network Solutions, since it support so many business clients and provides online payment processing services. While everyone knows about the massive breaches against TJX (94 million credit cards) and Hannaford Supermarkets (4 million), the payment processors themselves are increasingly under attack. By comparison, the Network Solutions breach is relatively small. In 2005, CardSystems Solutions, a processor of Visa and MasterCard payments, suffered a massive breach that exposed more than 40 million credit card numbers. In January, Heartland Payment Systems disclosed that a network breach may have exposed more than 100 million credit cards. Incidents such as Network Solutions just go to show that whenever you accept and hold credit card information, you're paint a huge target on your network. It then becomes incumbent upon the organization to measure its threat level and practice appropriate risk management practices to reduce the probability of a data breach. |
Comments (6)
Hi Larry,
Thanks for posting this. As you have stated Network Solutions is working with law enforcement officials, and is covering the notification of customers of its affected retailers.
Help from the community sucha as this post is highly appreciated.
Thanks,
Shashi
Posted by Shashi Bellamkonda | July 25, 2009 2:21 AM
The tough part is the notification letter that will be sent to the customers of their e-Commerce users will include the company name and URL of the e-Commerce site. We are very upset that our brand/company reputation will be tarnished by the Network Solutions problem.
We are extremely concerned that our customers will not distinguish between a problem that Network Solutions had and blame us on industry forums. We think the notification letter should not include our domain or company name unless it is absolutely required by a statute in our state. It should indicate that there was a breach at a Network Solutions site that caused the issue and they can take the fall for this. We are just a small family business in a very chatty niche industry were customers live on forums to gossip about the various retailers and brands. It is spelling disaster. . .
Posted by sarah | July 25, 2009 10:23 AM
Not to be overly critical here, but please get the name of the supermarket chain correct, it's Hannaford not Hanniford.
Posted by none | July 25, 2009 11:07 AM
You are correct. It's what I get for allowing my fingers to move faster than my brain.
Posted by Larry Walsh
| July 25, 2009 11:26 AM
Well it looks like one of ICANN's favorite registrars seems to have been hacked. I am not surprised, and in fact given their lack of good security over the past few years, it's a miracle they haven't been hacked long before now. I now wonder how many of those whom may have been impacted NSOL will be financially compensating? My guess is -0-.
BTW, where was ICANN's famed SSAC? Busy editing Wikipedia perhaps?
Posted by Jeffrey Williams | July 26, 2009 5:58 PM
I am a consumer affected by this breach. Let me say that Network Solutions is not doing their best to secure consumers whom were affected. i recieved a letter from transunion and all it contained was the date of the purchase and card TYPE. I have several Visa cards and narrowing down which card was affected is now going to take some time.
I contacted Network Solutions and they refused to offer up the vendor name or the last 4 digits of the card affected. i personally do not hold the vendor responsible but knowing who the vendor was would help me narrow down the card used. Guess i will have to cancel all my Visa cards
I must also say that Network Solutions is not doing their best to secure consumers from this breach and that Network Solutions should be advising consumers to cancel their cards and get new ones. 1 year free monitoring is of no comfort if 18 months from now some Nigerian hacker knows that you are no longer being monitored and sets out using the 550,000+ account numbers he now has.
Posted by Pissed off | August 19, 2009 10:49 PM