http://www.vancouversun.com/newsite/business/010519/5020497.html Gillian Shaw Vancouver Sun Saturday 19 May 2001 Internet shoppers surfing A&B Sound's online store early Friday were surprised to find customer names, credit-card numbers and expiry dates on the Web site before the company discovered the security breach and shut it down. The breach affected only shoppers with outstanding orders at the online store. A&B Sound was contacting those customers Friday, warning them to contact their credit-card issuer. Customers at the company's regular retail outlets were not affected. A & B Sound representative Tim Howley said his company and police are investigating the breach, which was thought to have occurred in the early hours of Friday morning. He said the company doesn't yet know where the hacker originated or how security was compromised. "We want to assure people we're full steam ahead on an investigation and we're taking it very seriously," Howley said. Reading from a press release, he said: "A&B has reason to believe that credit-card information belonging to customers who had open, unprocessed orders on the Web site may have been obtained, and unauthorized use of that information may have occurred. www.absound.ca was immediately shut down by A&B Sound pending an internal and police investigation. "A&B Sound emphasizes thebreach is limited to open, unprocessed online orders and that the security of credit-card information belonging to its retail-store customers has not been affected in any way." Howley said the Web site, which sells only movies and CDs, accounts for only one per cent of the company's retail sales. He said he wouldn't know the number of credit cards affected by the breach until the investigation is complete. Valerie MacLean, vice-president of consumer affairs at the Better Business Bureau of Mainland B.C., said credit-card consumers shouldn't panic. "In a situation like this where the security of a Web site has been compromised, if someone gets your credit-card information, the credit-card company will be responsible for it, not the consumer," she said. "I wouldn't over-react. Go to your credit-card company, tell them what has happened and get a new card. "You're not responsible for any fraudulent transactions on your account." MacLean said despite the inconvenience of such incidents as Friday's security breach at the A&B site, credit cards are still the best method of payment. "You are protected from fraudulent transactions and have the protection of a charge-back provision in your card-holder agreement if you don't receive the goods or services within a prescribed period of time," she said. "It is certainly unsettling and inconvenient when something like this happens, but you won't lose money." MacLean also recommended consumers use one credit-card for all online transactions, with a low limit as an extra precaution. Major credit-card companies said Friday they had not yet heard from A&B Sound customers, but newsgroups on the Internet were abuzz with subscribers worried their credit-card information may have been released online. ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Mon May 21 2001 - 01:32:47 PDT