Forwarded from: Harlan Carvey <keydet89@yahoo.com>
According to this article (and I'm not assuming that it's complete or
accurate), RV seems to think that a "hacker" broke in and stole data
for no other reason than credit card companies are reporting
fraudulant activity on customer's accounts...do others read this the
same way? Do you take away the same thing from the article?
If so...investigations by the outside security firm and the USSS are
not complete. So how do they know? If the investigations aren't
complete, why are they saying something as definitive as that? After
all, the statement seems to have come from their general counsel.
I guess one way to look at it is that by saying a "hacker" did it,
they can claim that this "hacker" was smart enough to outwit the
assembled forces within RV, and steal the data. You know...like the
T-Mobile hack - the one involving the unpatched server that some
manager made the business decision to leave unpatched...
--- InfoSec News <isn@c4i.org> wrote:
http://www.washingtonpost.com/wp-dyn/articles/A17831-2005Mar8.html
By Jonathan Stempel
Reuters
March 8, 2005
Retail Ventures Inc., Tuesday announced the theft of credit card and
purchase data of customers at 103 of its 175 DSW Shoe Warehouse
stores and said some fraudulent activity has been conducted since
the theft.
The theft is the latest reported instance in recent weeks in which
customers' personal data was stolen or lost. Other companies to
report such problems include Bank of America Corp. and ChoicePoint
Inc., where the thefts involved thousands of individuals' data.
Columbus, Ohio-based Retail Ventures said customer data was stolen
mainly over the past three months, though it was unable to say how
many customers were affected. It said it discovered the theft late
last week.
_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005
