By Brian Krebs
Washington Post Staff Writer
Saturday, July 25, 2009
Web services provider Network Solutions disclosed Friday that hackers broke into its servers and stole information on more than 573,000 debit and credit card accounts from its customers over the past three months.
The Herndon firm discovered in early June that unknown attackers hacked into servers that provide e-commerce services such as Web site hosting and payment processing to at least 4,343 small to mid-size online stores -- about half of its customer base.
The hackers left behind malicious code, which allowed them to intercept personal and financial information for people who made purchases at the stores hosted on those servers, Network Solutions spokeswoman Susan Wade said.
Wade said the company is working with federal law enforcement and a commercial data breach forensics team to determine the cause and source of the break-in.
Stolen payment data include transactions made between March 12 and June 8.
Network Solutions has begun notifying affected stores by e-mail and postal mail, and it is offering to notify the stores' customers as well. Forty-five states and the District of Columbia have enacted laws requiring customer notification when a data breach or loss jeopardizes the security of information, but the rules for complying with those laws differ from state to state.
"We feel terribly about it, to burden them with the notification process, which can be kind of tricky because there is no one federal data breach statute," Wade said.
Network Solutions also is offering to pay for 12 months of credit monitoring service through TransUnion for each consumer whose financial and personal data were compromised.