Sunday, March 23, 2008

Hannaford Data Breach - PCI Compliance

The Hannaford data breach represents an interesting situation where the breached company was actually PCI compliant at the time of the breach. From what I've gathered, the company believed it had strong security measures in place. The breach occurred because hackers were able to capture data during the transmission of card authorization. While the PCI Data Security Standard prohibits retailers from transmitting credit card data unencrypted over public, open networks, it doesn't have the same requirement for internal networks.

http://www.boston.com/business/articles/2008/03/18/grocer_hannaford_hit_by_computer_breach/

http://www.informationweek.com/security/showArticle.jhtml?articleID=206904986&cid=RSSfeed_TechWeb
