Comments on: Network Solutions Data Breach Hits 574,000 Consumers

By: Affected Consumer

Affected Consumer — Fri, 28 Aug 2009 15:13:00 +0000

The consumers are the ones getting screwed. Our credit card numbers have been stolen and the merchants bitch and moan about their names being associated with the theft?!? I want to know which merchants were affected so I can figure out which of my cards was affected and cancel it. Forget about free credit monitoring, which is just a scam to sign me up for a “free trial period” and then slam me for monthly charges, and requires that I provide personal information (including SSN) in electronic, duplicable form to yet another faceless, anonymouse corporate behemoth who doesn’t give a rat’s a$$ about security. But god forbid I be given any useful information at all about my own f-ing financial transactions.

By: Greg McGraw

Greg McGraw — Thu, 06 Aug 2009 14:05:15 +0000

A more cautionary note would be… OK. Network Solutions got hacked over an 88 day period. Was this exclusive to them? Probably not. What about the small retailers hosting at GoDaddy, Web.com, HostGator, etc. These same malicious activities are going on elsewhere as we speak. I hope someone is checking them out. So what’s the solution? Change the old approach. Merchants need to eliminate capturing, storing and tranmitting payment data. Period. Investigate alternative solutions or services like hosted payment page technologies from a level 1 service provider. If you can’t lock down the sensitive data, get rid of it. There are other ways to securely serve your customers.

By: susan champoion

susan champoion — Tue, 04 Aug 2009 21:26:45 +0000

The scariest part of it all is that no matter what they do the data is still there in some format. The goal is to somehow remove all the data. If thieves can’t find a good pond to fish in with lots of fish (all the credit card data); they have to go somewhere else.

By: Tom Mahoney

Tom Mahoney — Tue, 04 Aug 2009 21:25:16 +0000

Once again the industry is doing its best to put all the blame on the path of least resistance – the merchant.

By: Todd Michaud

Todd Michaud — Thu, 30 Jul 2009 18:54:04 +0000

The quote about a merchant being considered compliant until there is a breach (and then having that compliance revoked) is outrageous. First Hannaford, now Network Solutions, who is next. What is the point of gaining compliance?

To me the scary part of this is that since PCI-DSS cannot seem to “manage” the issue, states are taking matters in their own hands and in most cases taking horrible approaches (it is almost impossible for a small retailer to be compliant with the new Massachussets data privacy law). It’s only a matter of time before Congress tries to stave off the state laws with some expansion of FACTA or something new all together. I am not looking forward to that day.

By: Della Lowe

Della Lowe — Wed, 29 Jul 2009 19:31:41 +0000

Compliant but not secure – it is a chant that security vendors have been singing for some time and getting accused of just trying to sell their wares. A breach of this enormity while “compliant” should send a real message to those who are still looking at the cost/benefit analysis and betting that they won’t get breached. One telling quote in your piece is “During an ordinary maintenance sweep in early June.” Do you leave your house and only lock the door once every three months. To protect your network and your data you need not only strong encryption but also 24×7 monitoring of both your wired and your wireless network(s).