I want data loss reasons, not numbers

admin
August 7, 2009

Media reporting of data breach events like the UK NHS, Heartland, Hannaford and Bank of America has overwhelmingly focused on the raw numbers of customer data records that were breached.
Little information is available regarding the root causes: how attackers exploited the system and people vulnerabilities to get the data.
Although US legislation requires disclosure of a data loss event, it does not require disclosure of the root causes of the event.

In the Hannaford Supermarket data breach case of over 4 million credit cards, the State of Massachusetts refused to provide details on their investigation. Hannaford claims that malware attacked their store servers and promptly signed a contract with IBM to replace over 250 store back office servers.
Let’s take a closer look and see if this makes sense.
Store back office servers in a retail POS system are never connected to the public Internet and therefore could not be attacked directly by malware. It is possible that there was network connectivity from the company’s internal administration network of Windows users to store back office servers and this may have served as a vector for malware delivery. That is possible and, if true, is a reason to segregate the store networks from the administration network using technology such as Waterfall Systems, but not a reason to replace all the back office servers.
My gut feeling is that Hannaford may have had a case of credit card authorization requests being saved in temporary files that were accessible from a Windows share on the administration network, which made the data child’s play to steal for an insider with reasonable knowledge and access to the network.
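
Card data left behind in temporary files on a share, the scenario suggested above, is something a defender can sweep for. The following is an added example, not code from the original post or from any investigation it mentions: a Python scan that walks a directory tree, picks out 13 to 19 digit sequences, keeps those that pass the Luhn checksum and reports them masked. The file names, the record layout and the test card number are constructed.

```python
import os
import re
import tempfile

# Candidate PANs: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first six and last four digits so the report holds no full PAN."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan_tree(root: str) -> list[tuple[str, str]]:
    """Walk root and return (relative path, masked PAN) for each Luhn-valid hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            for m in PAN_RE.finditer(data):
                digits = re.sub(rb"\D", b"", m.group()).decode()
                if luhn_ok(digits):
                    hits.append((os.path.relpath(path, root), mask(digits)))
    return hits

def demo() -> list[tuple[str, str]]:
    """Constructed sample: one temp file with a test PAN, one with a non-PAN number."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "auth_0001.tmp"), "w") as fh:
            fh.write("AUTHREQ store=12 pan=4111111111111111 amt=23.50\n")
        with open(os.path.join(root, "batch.log"), "w") as fh:
            fh.write("order id 1234567890123456 shipped\n")
        return scan_tree(root)
```

Calling `scan_tree()` on a temp directory or share mount returns the files that need to be cleaned up and the process that wrote them traced; the Luhn filter keeps ordinary 16-digit identifiers such as the order id in the sample out of the report.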
