From
The Washington Post, Tuesday, December 20, 2005;
Security Software Firm's Customer Database Hacked
[i]The Washington Post[/i] wrote:Guidance Software Inc. -- a leading provider of software used to diagnose hacker break-ins -- has itself been hacked, exposing financial and personal data connected to thousands of law enforcement officials and network-security professionals.
----------------------------
Michael G. Kessler, president of New York City-based computer-forensics investigative firm Kessler International, received a letter notifying him that the company's American Express card was among those compromised by the attackers. Kessler received the notice from Guidance at the same time a company credit bill arrived with what he said was $20,000 in unauthorized charges for pay-per-click advertising at Google.com.
----------------------------
Guidance's EnCase software is used by hundreds of security researchers and law enforcement agencies worldwide, including the Secret Service, the FBI and New York City police.
----------------------------
Guidance had stored customer records in unencrypted databases and indefinitely retained customers' three-digit verification codes, according to Colbert and the notification letter sent to customers.
Merchant guidelines published by both Visa and MasterCard require sellers to encrypt customer credit card databases and to discard verification numbers after using them in a transaction. The penalty for violating those policies can be as high as $500,000 per incident.
----------------------------
Another security professional who got the notification letter said he was surprised that Guidance did not detect the intrusion for nearly two weeks, a lapse in time that could make it much more difficult to catch the perpetrators.
Feel safe
Homepage
Forum
Drivers
HMM
MTM
Feed
