First things first, this story makes me sick because of the focus of the story and the lack of blame and shame that should be placed on Lowes. I don't condone what the boys did but I also think that the gross negligence of Lowes is reprehensible. How convenient for them to play the "victim" and divert the attention away from their idiotic business practices. What about the exposure Lowes put its customers and employees in?

This is yet another example of corporate negligence. Was someone asleep at the wheel? With a plethora of willingly ignorant or naive business users and worse yet network managers and administrators that put up open wireless access points, un-patched web servers, or managers with an acute fear of patching critical vulnerabilities because they are worried that their servers haven?t gone through weeks of regression, UAT, alpha, beta, gamma testing as to be 100% sure that nobody will point to them and say, your patch brought me down. This should tell all of us that our information never was or will be safe as long as we have elite managers suffering from analysis paralysis.

I have managed the security at five very large multi billion-dollar companies and the only company that took security serious was the bank (their put their money where their mouth was). As an information security professional I see this all the time, poor business and technology practices, lack of concern until something bad happens and then the blame game. I wonder if Lowes notified the impacted customers that their private data might have been compromised.

I'll tell you this, if I didn't have the fraud protection of VISA, I would cut up the card today and go back to the arcane practice of using cash.

My point is simple, business owners need to wake up and listen to what security experts have been trying to say for years and that is there are all kinds of people out there that if given the opportunity will steal you blind or do you harm and yes... it can happen to you too.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/9281/27882#27882