The PSC, who call themselves the “Payment and Security Experts”, audited Network Solutions for PCI compliance. Unfortunately, Network Solutions just warned merchants that they were hacked and exposed for several months.
In a letter sent to merchants who use its Ecommerce Hosting services, the company said that someone illegally installed software on company servers used handle credit card transactions initiated by 573,928 people between March 12 and June 8, 2009.
The code “may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant Websites outside the company,” Network Solutions said in the letter, signed by company chairman and CEO Roy Dunbar and sent to merchants on Friday.
This will again raise the issue of compliance versus security. The parties involved, including the card brands, may start to dance around fault or explain why this is not a failure of the Data Security Standard (DSS). I say breaches like this one are not a sign of failure of the DSS, and we should really be focused on learning from the specifics of the attack rather than nitpicking a standard.
Hi Davi, the Network Solutions team is working with law enforcement on the specifics of the attacks. In the meantime, we are providing real time assistance to E-commerce customers affected by the situation at http://www.careandprotect.com.
Thanks,
NG @NetworkSolutions