[rescue] FC-AL drives on sale at geeks.com

Dan Duncan danduncan at gmail.com
Tue Jan 8 18:19:18 CST 2008


On Jan 8, 2008 7:42 AM, Lionel Peterson <lionel4287 at verizon.net> wrote:
> Well, OK, but to be honest, they have had (I guess) one security breech in 10-
> 12 years, and they did the right thing (notified customers that might have
> been at risk). After this incident, I can only suspect their security would
> improve, leading me to believe they could be safer in the future.

1)  They improperly stored CVV numbers (which is to say, stored them PERIOD)
2)  took 30 days to notify customers they were hacked.
     a) because it took that long to figure it out or possibly
     b) so they could enjoy a sales bump through Christmas

None of the above warm my "did the right thing" cockles.

> Personally, I will continue to shop with them but I understand your decision -
> it just concerns me that if we punish retailers that do the right thing (see
> above), what is the incentive for other retailers to do the right thing?

They didn't do the right thing, so I have no problem at all taking any
further business from them.

> If everyone dropped a retailer that had a similar problem, a "bad" retailer could
> wipe out their competition by simply having someone hack into each
> competitor's website and call their data security into question (no need to
> actually compromise the database, just raise the question)...

If a competitor can hack into their website, so can anyone else.
There is shit you just don't
make accessible from the internet.  That makes it pretty difficult to
hack.  If they weren't
storing CVV data, it would be a pretty impressive hack to obtain it.

A number of POS retailers have been caught storing PIN information for
customers who make purchases
with debit cards.  I just wish Visa and Mastercharge had the stones to
uphold their service agreement
and suspend their privs for a while.  Maybe that would drive the
lesson home not to handle financial
information like it was last week's sales flyer.


-- 
Dan Duncan



More information about the rescue mailing list