Red-faced Network Solutions has admitted that its secure credit card payment system was hacked for more than three months before they noticed and that more than 43 percent of stores who use the service will have had their customers’ credit card details compromised.
This means that 573,928 people across the US who made purchases on Web sites hosted by the Herndon company could be effected.
More than 4,343 of its nearly 10,000 e-commerce merchant customers were told about the hack. It affects 573,928 cardholders whose name, address, and credit card number were exposed between March 12 and June 8.
Susan Wade, a spokeswoman for Network Solutions, said that code was found on the server in early June on servers hosting e-commerce customer sites during routine maintenance. It would appear that the code had been operating for nearly three months.
A third-party forensics team to help with the investigation, and the team was able to crack some of the code on July 13, and felt that it could be related to credit card data. It appears that each credit card transaction was diverted by an unknown source from certain Network Solutions servers to servers outside the company. The code was deleted.
Police were told and customers are being notified. At this point, the company has no evidence that the data has been used, but Network Solutions is working with the credit card companies.
Credit-monitoring specialist TransUnion help the merchants notify their customers according to data breach notification laws in effect in certain states. Affected consumers will get 12 months of free credit-monitoring services and a new bolt for the stable door.
Network Solutions stores the data using encryption, but the hacker’s software appears to have transmitted information about credit card transactions as they were being completed and before the information was coded.