[Owasp-codereview] [Owasp-ireland] Potential of 4.2 million credit card details stolen via cyber attack.

Brian Honan brian.honan at bhconsulting.ie
Tue Mar 25 07:02:14 EDT 2008



Sorry I forgot to say in my last mail.
 
Who is to blame?  Well, while everyone points the fingers at
Hannafords, the PCI assessors and VISA/Mastercard themselves - I
suggest we look at the criminals who conducted the breach.  After all
if someone breaks into my house, is that my fault? my alarm company's
fault? or that of the lock manufacturers? or is it the criminal who
committed the burglary?
 
Brian
 
Brian Honan
BH Consulting
Helping You Piece IT Together
T:  +353-1-4404065
M:  +353-868114066
E:  brian.honan at bhconsulting.ie
W:  http://www.bhconsulting.ie 
B:  http://www.bhconsulting.ie/blog

Supporting Global Security Week http://www.globalsecurityweek.com 

 


________________________________

From: owasp-ireland-bounces at lists.owasp.org
[mailto:owasp-ireland-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: 25 March 2008 10:26
To: owasp-ireland at lists.owasp.org; Owasp-codereview at lists.owasp.org;
owasp-testing at lists.owasp.org; owasp-leaders-bounces at lists.owasp.org
Subject: [Owasp-ireland] Potential of 4.2 million credit card details
stolen via cyber attack.


Maybe a bit slow on this one, but I thought I'd share it.
 
A PCI compliant company was compromised and an estimated 4.2
million cc numbers were obtained.
The issue arises that the company were PCI compliant and now the
blame game has ensued. The PCI assessors are being blamed, there is
mention of ambiguity regarding the PCI standard, where to apply some
of the technical controls, etc.

http://www.theregister.co.uk/2008/03/18/hannaford_data_breach/
 
 
http://www.hannaford.com/Contents/News_Events/News/News.shtml
 
 
http://www.merchantcircle.com/blogs/Pre-Paid.Legal.Services.Inc.-.Ind.Associate.786-390-0581/2008/3/4.2-million-account-numbers-stolen-at-Hannaford-Bros.-Co./70643
-- 
Eoin Keary OWASP - Ireland
http://www.owasp.org/local/ireland.html
http://www.owasp.org/index.php/OWASP_Code_Review_Project 



