BreachExchange mailing list archives
Re: Two weeks to contain a security breach?!?!? (fwd)
From: "Roy M. Silvernail" <roy () rant-central com>
Date: Tue, 18 Mar 2008 18:29:09 -0400
security curmudgeon wrote:
---------- Forwarded message ---------- From: Richard M. Smith <rms () computerbytesman com> "Hannaford became aware of the breach Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn't contained until March 10, said Carol Eleazer, Hannaford's vice president of marketing in Scarborough."
Speaking as someone who is at risk from this breach (I shop at Hannaford weekly, if not more often), I have to wonder about one detail that has been mentioned but not extensively discussed. Hannaford's web site has a sort-of press release that includes this quote:
The intrusion affected Hannaford stores, Sweetbay stores in Florida and certain independently-owned retail locations in the Northeast that carry Hannaford products.
Why would "independently-owned retail locations... that carry Hannaford products" settle their credit card transactions over Hannaford's network? I would expect that an independent retailer would be settling credit card transactions over their bank's system, or perhaps using a consolidation broker. Am I just naive? -- Roy M. Silvernail is roy () rant-central com, and you're not "It's just this little chromium switch, here." - TFT http://www.rant-central.com _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Two weeks to contain a security breach?!?!? (fwd) security curmudgeon (Mar 17)
- Re: Two weeks to contain a security breach?!?!? (fwd) Roy M. Silvernail (Mar 18)