Hackers have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over the past three months, Security Fix has learned.
Herndon, Va. based Network Solutions discovered in early June that attackers had hacked into Web servers the company uses to provide e-commerce services – a package that includes everything from Web hosting to payment processing — to at least 4,343 customers, mostly mom-and-pop online stores. The malicious code left behind by the attackers allowed them to intercept personal and financial information for customers who purchased from those stores, Network Solutions spokeswoman Susan Wade said.
Wade said the company is working with federal law enforcement and a commercial data breach forensics team to determine the cause and source of the break-in. The payment data stolen was captured from transactions made between March 12, 2009 and June 8, 2009.
On Friday, Network Solutions began notifying affected customers by e-mail and postal mail. Due to the potential high cost of notifying individual victims, the hosting company is offering to handle the notification of affected customers of the breached online stores. Forty-five states and the District of Columbia have enacted laws requiring organizations to notify consumers when a data breach or loss jeopardizes the security of personal and financial data, but the rules for complying with those laws differ from state to state.
“We feel terribly about it to burden them with the notification process, which can be kind of tricky because there is no one federal data breach statute,” Wade said.
Network Solutions also is offering to pay for 12 months of credit monitoring service through Trans Union for each consumer whose financial and personal data was compromised.