The Tech Herald

Network Solutions: 573,928 possibly compromised in attack (Update)

by Steve Ragan - Jul 28 2009, 01:09

Network Solutions: 573,928 possibly compromised in attack. (IMG:J.Anderson)

Update:

Just a small update to the law enforcement side of things. After speaking with us, Network Solutions confirmed that they were working with the U.S. Secret Service on the investigation side of things. They could not go into details about the code that was discovered.

Original Article:

Network Solutions issued a Data Security Alert (DSA) on Friday, which reported the discovery of malicious code planted on servers supporting their E-Commerce merchants’ websites. The code, discovered on 4,343 Network Solutions customer sites, might have captured transaction data for almost 574,000 cardholders.

Susan Wade, Director of Public Relations for Network Solutions, spoke to The Tech Herald and explained some of the finer points to the DSA issued on Friday. Currently there is an investigation underway, and notices are going out to the 4,343 customers via email and postal notifications. The Tech Herald was able to obtain a copy of the letter being sent to those affected by the attack. [Network_Solutions_Merchant_Letter_Final]

Wade explained that the malicious code was discovered during routine operations on a subset of servers that house the E-Commerce platform offered to Network Solutions customers.

E-Commerce customers are on a set of servers that are segmented from the Network Solutions infrastructure. The subset of servers where the malicious code was discovered hosted the 4,343 merchant sites that were attacked. Another point of interest is that the malicious code was discovered on only a fraction of the sites hosted for E-Commerce operations, where there are more than 10,000 sites overall.

The code may have captured transaction data from 573,928 cardholders during its run this spring. Network Solutions said that the merchants’ customers were exposed from March 12, 2009 until June 8, 2009. The level of exposure could vary depending on transaction volume, but transactions made after June 8, 2009 were not exposed to attack, as the hijacked sites were cleaned by then.

There is no information on how the code was planted on the sites. While examination of the code shows that it had the ability to ship data off to a third party, and Network Solutions believes that it did just that, the exact code is not available for public review. There is also no public information as to where the data believed to be stolen was sent.

While the investigation is still ongoing, Wade confirmed that they are working with law enforcement. However, the exact law enforcement agencies involved were not mentioned during our talk with her, as that is information that the legal department would have access to, and no one from that department was available at the time this story goes live. See update.

“At this point, we have no reports or other reasons to believe that any credit card account information has been misused and, under established practice, credit card issuing companies generally will not hold our merchants’ customers liable for any fraudulent purchases made using their credit card account numbers that are reported in a timely way to the issuer,” the DSA said.

Merchants expected to send notices to customers:

The notice being sent to the affected merchants, signed by Network Solutions Chairman and CEO Roy Dunbar, informs the merchants that, “Under various state statutes, a retailer is to inform its U.S. customers when the security of their personal information is compromised.”

“To help with this responsibility, we have engaged TransUnion, one of the leading credit reporting bureaus and an organization with extensive experience helping companies address customer security issues, to help you with the required communications to your U.S. customers,” the letter goes on to say.

Since notification laws are different for each state, merchants are being given the option to opt-in and have Trans Union handle the customer notifications on their behalf. Something many will likely take advantage of, considering that small businesses often do not have the means to deal with such incidents, and they make up a decent percentage of Network Solutions’ customer base.

None of the business names used by the 4,343 merchants that were compromised by the malicious code have been released. From this point on it will be up to them to notify their customers. 

As mentioned, the incident is still being investigated, and the notice just went out today. Once The Tech Herald gets more information we will update this story.

Around the Web

Comment on this Story

comments powered by Disqus

From Autosaur.com

Monaco Grand Prix Circuit Map

Infiniti Red-Bull have released a Monaco Grand Prix circuit map showing a string of G-Force and speedo readings recorded in their cars on a normal lap. The team also described the most complicated turns on the track: Turn 1, Sainte Devote, sees drivers hit the barrier if they come into corner just 1km/h too fast [...]

The post Monaco Grand Prix Circuit Map appeared first on Autosaur.

Daniel Day-Lewis and Yasmin Le Bon at Mille Miglia rally in Italy

Jaguar have released a cool little film about their experience at this year’s Mille Miglia car rally in Italy — featuring stars including triple Oscar-winner Daniel Day-Lewis and model Yasmin Le Bon. The video has short interviews with several of the famous participants about taking part in the 1,000-mile event, which celebrates the original Mille [...]

The post Daniel Day-Lewis and Yasmin Le Bon at Mille Miglia rally in Italy appeared first on Autosaur.

Man wins Batman version of Nissan Juke

A BATMAN fan has won a special version of the Nissan Juke inspired by the films — and which has a string of features more normally seen on the Batmobile. Adam Williams was presented with the matt black vehicle after a real Batmobile (well, as real as they get) was driven through the streets of the [...]

The post Man wins Batman version of Nissan Juke appeared first on Autosaur.