Friday, April 30, 2010

Data Leaks, Data Sharing, and Data Breaches

Evan Schuman, Editor of StorefrontBacktalk, has some interesting comments about Albert Gonzales, the ringleader behind the data breach at Heartland Payment Systems, who was recently sentenced to up to 25 years in jail.

"Part of what amazed prosecutors in this case," says Schuman, "was how the thieves could divert so much data out of a system without it being noticed. That particular problem is getting even more complicated by the soaring number of outsourced services that are constantly grabbing data off of retail servers.

"The plethora of data departures include updated information leaving to fuel mobile sites and services that handle customer comments, product shipments and purchases being processed locally on social sites. One side effect of all of those communications is that improper data transfers are obscured. Administrators have chased down so many such data exchanges and learned of yet another partner altering its procedures that a clever piece of malware could easily escape detection, if it doesn’t get too greedy.

"[Kim] Peretti [,senior counsel in the U.S. Department of Justice’s Computer Crime Section who oversaw this case,] fears, though, that the next generation of Gonzalezes will likely target smaller and midsize retailers, which ostensibly have less stringent security and probably watch their event logs even less often than their larger competitors. Still, with less going on, even a small errant data transmission might stand out more at a smaller merchant."
 
Merchants beware! And remember: PCI-compliance requires constant vigilence!

No comments:

Web Analytics