[ISN] US auto parts store spills data to hackers

From: InfoSec News (alerts@private)
Date: Wed Apr 02 2008 - 01:22:36 PST


http://www.theregister.co.uk/2008/04/01/auto_parts_store_hack/

By John Leyden
The Register
1st April 2008

Advance Auto Parts, the US motoring parts retailer, is the latest firm 
to give up customer credit card data to hackers.

The bad guys gleaned financial information on up to 56,000 customers, 
through an attack affecting 14 stores nationwide, the firm [1] said on 
Monday.

The mechanism of the attack and the identity of the perps are unknown. 
Advance Auto has started sending letters directly to affected customers. 
They will be offered a year's free credit monitoring.

The firm has notified credit, debit and check processors. Advance Auto 
has also set up a toll-free number (1-800-704-1154) to field customer 
calls.

The retailer reckons the breach has been contained but has hired 
third-party security consultants to identify ways to improve security. 
Meanwhile, it's working with law enforcement agencies in a bid to trace 
the culprits.

The problems at Advance Auto Parts follow recent breaches at US grocery 
chain Hannaford, affecting 4.2 million credit card records, and at 
cut-price retailer TJX, affecting 45.7 million records. The Hannaford 
breach is blamed on a sophisticated malware attack, while a insecure 
wireless network was at fault for the that made TJX the poster child 
last year for massive data breaches.

[1] http://www.advanceautoparts.com/creditsecurity/default.asp


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Wed Apr 02 2008 - 01:37:36 PST