[Owasp-ireland] Potential of 4.2 million credit card details stolen via cyber attack.

davidrook david.rook at realexpayments.com
Tue Mar 25 06:40:20 EDT 2008

I think this is another example of PCI compliance being just that - a 
compliance standard. Being compliant (as is demonstrated here and with 
TJX) does not always equate to being secure.

PCI is ambiguous and it could be improved to try and make companies both 
secure and compliant. As for who is to blame, is it not a case of 6 of 
one and half a dozen of the other?


Eoin wrote:
> Maybe a bit slow on this one but I thought I'd share it.
> A PCI compliant company was compromised and an estimate of 4.2 million 
> cc numbers were obtained.
> The issue arises that the company were PCI compliant and now the blame 
> game has ensued. The PCI assessors are being blamed, there is mention 
> of ambiguity regarding the PCI standard, where to apply some of the 
> technical controls, etc.
> http://www.theregister.co.uk/2008/03/18/hannaford_data_breach/
> http://www.hannaford.com/Contents/News_Events/News/News.shtml
> http://www.merchantcircle.com/blogs/Pre-Paid.Legal.Services.Inc.-.Ind.Associate.786-390-0581/2008/3/4.2-million-account-numbers-stolen-at-Hannaford-Bros.-Co./70643
> -- 
> Eoin Keary OWASP - Ireland
> http://www.owasp.org/local/ireland.html
> http://www.owasp.org/index.php/OWASP_Code_Review_Project

David Rook | david.rook at realexpayments.com
Information Security Analyst

Realex Payments