Best Buy Suffers Second Email Breach

[security curmudgeon <jericho () attrition org>]

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229402808/best-buy-suffers-second-email-breach.html

Best Buy Suffers Second Email Breach
Epsilon hack victim's customer emails exposed yet again -- via a different vendor
May 04, 2011 | 05:05 PM 
By Kelly Jackson Higgins
Dark Reading

Best Buy, which was among the 100 or so companies hit in the recent 
Epsilon breach, is responding to a second consecutive breach at the hands 
of one of its vendors.

The big-box electronics retailer found on April 22 that email addresses of 
some of its customers had been "accessed without authorization" via one of 
its vendors, according to a Best Buy spokesman, who declined to name the 
vendor. Best Buy had already parted ways with that provider prior to the 
discovery of the breach, he said, due to a "strategic business decision."

Best Buy would not elaborate on how many customer emails were stolen or 
provide any details about the attack. It's unclear whether the latest 
breach was in any way connected to the Epsilon incident.

"I don't know that they are related. But it's an interesting coincidence 
time-wise," says Dave Marcus, director of McAfee Labs security research 
communications.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/