A massive data breach at Network Solutions lasted three months, but its customers were just informed yesterday, after the close of business.
Susan Wade, Director of Public Relations for Network Solutions, spoke to The Tech Herald and explained some of the finer points of the DSA issued on Friday. An investigation is currently underway, and notices are going out to the 4,343 customers via email and postal notifications.
Wade explained that the malicious code was discovered during routine operations on a subset of servers that house the E-Commerce platform offered to Network Solutions customers.
E-Commerce customers are on a set of servers that are segmented from the Network Solutions infrastructure. The subset of servers where the malicious code was discovered hosted the 4,343 merchant sites that were attacked. Another point of interest is that the malicious code was discovered on only a fraction of the more than 10,000 sites hosted for E-Commerce operations.
The code may have captured transaction data from 573,928 cardholders during its run this spring. Network Solutions said that the merchants’ customers were exposed from March 12, 2009 until June 8, 2009. The level of exposure could vary depending on transaction volume, but transactions made after June 8, 2009 were not exposed to attack, as the hijacked sites were cleaned by then.
There is no information on how the code was planted on the sites. While examination of the code shows that it had the ability to ship data off to a third party, and Network Solutions believes that it did just that, the exact code is not available for public review. There is also no public information as to where the data believed to be stolen was sent.
So, three months on, they still have no clue how the breach occurred, whether the information has been used for malicious purposes, or who is responsible. Considering that Network Solutions retains a large amount of personal account details for many online businesses, one would think that they would have better security measures in place. Apparently, they don’t.

