RSS
July 28, 2009 | admin | Comments 0

Network Solutions Security Breach

Shoppers of Network Solutions hosted websites may have fallen victim to theft of their credit card data between March 12th and June 8th.  Network Solutions is investigating a breach that may have impacted over 500,000 users.

During routine maintenance in June, Network Solutions found some strange code on their servers and called in an outside source to help determine the source of it.  After some investigation and attempted code cracking the result is a possibility that it is related to theft of credit card data (including name, address and card numbers).  In many cases code such as what may have been found on NS server could most likely redirect a transaction in progress to be compromised before it hit the secure encrypted server.

Over 4,000 of their e-commerce clients were notified of the breach on Friday.

Network Solutions is being proactive to help resolve the issues and are offering a years free credit card monitoring for affected customers through TransUnion.  Merchants and customers can get more information at the new Care and Protect site that has been set up for them.

Statement from NS:

“In the ordinary course of business, Network Solutions identified unauthorized code on servers supporting some of its ecommerce merchants’ websites. The code was promptly removed, and all of the ecommerce servers are functioning properly. No servers supporting Networksolutions.com customers were affected.

After conducting an analysis with the assistance of outside experts, it was determined that the code may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant websites to servers outside the company. The code may have captured transaction data from approximately 573,928 cardholders for certain date periods this spring. Exposure varied by merchant, but in all cases it took place sometime between March 12, 2009 and June 8, 2009. Transactions after June 8, 2009 were not exposed to the unauthorized code. Law enforcement officials have been notified and we are working closely with them on the investigation.

At this point, we have no reports or other reasons to believe that any credit card account information has been misused. Under established practice, credit card issuing companies generally will not hold our merchants’ customers liable for any fraudulent purchases made using their credit card account numbers that are reported in a timely manner to the issuer.”

So far, only ecommerce sites were at risk.  Network Solutions other business properties have not been impacted by this.

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks

Entry Information

Filed Under: Industry News

RSSPost a Comment  |  Trackback URL