Real Cases
Washington Post: Hackers Break Into Computer-Security Firm's Customer Database Dec 20 2005 02:01PM
Topi Ylinen (topi ylinen hushmail com) (1 replies)
RE: Washington Post: Hackers Break Into Computer-Security Firm's Customer Database Dec 20 2005 06:35PM
dave kleiman (dave isecureu com)


What is just *so* funny is the fact that their Vice Chairman and legal guru,
John Patzakis, has been speaking about Sarbanes Oxley in various forums.
Here is just one link from September 22 of this year;

-----------QUOTE From September 22, 2005
Sarbanes Oxley Overview

Watched a good presentation of SOX this morning put
on by Guidance Software, makers of EnCase forensics and incident response

The overview, titled "True Sarbanes Oxley Compliance: How to Help Avoid
Disastrous SEC Enforcement Actions and Fines" was presented by John
Patzakis, a lawyer and Vice Chairman at Guidance. It ran about 40 minutes
and was concise and to the point. If you're interested in Sections 404, 802,
302 and 409, or if you'd like a solid overview of SOX in general I'd
recommend watching it.

-----------QUOTE From

It's more than ironic. If they indeed stored the CVV numbers it is illegal,
unethical, and outright discourteous to their customers.

Forget their marketing hype on how many users there are. If there were
roughly 3000 cards taken from the incident then let's do the math;

3000 x $500,000 = $1,500,000,000.00

So 3000 CVV numbers and a cool $500,000 per violation equals I hope Guidance
has deep, deep pockets. They'll need to sell many, many more dongles to pay
a heavy fine.

I certainly hope someone has contacted VISA and MasterCard regarding this
matter. I would think due to the number of those compromised a class action
lawsuit would be in order. It's time those using the laws, regulations, and
rules to *sell* their products and services also follow and are held
accountable to these same laws, regulations, and rules.




Forwarded from


-----Original Message-----
From: Topi Ylinen [mailto:topi.ylinen (at) hushmail (dot) com]
Sent: Tuesday, December 20, 2005 09:01
To: realcases (at) securityfocus (dot) com
Subject: Washington Post: Hackers Break Into
Computer-Security Firm's Customer Database

Hackers Break Into Computer-Security Firm's Customer Database

Personal Data for Law Enforcement, Security Professionals Exposed

By Brian Krebs

Guidance Software -- the leading provider of software used
to diagnose hacker break-ins -- has itself been hacked,
resulting in the exposure of financial and personal data
connected to thousands of law enforcement officials and
network-security professionals.

Guidance alerted customers to the incident in a letter
sent last week, saying it discovered on Dec. 7 that
hackers had broken into a company database and made off
with approximately 3,800 customer credit card numbers. The
Pasadena, Calif.-based company said the incident occurred
sometime in November and that it is working with the U.S.
Secret Service on a more detailed investigation.

(Sorry about the split URL.)

Topi Ylinen
Moderator, Securityfocus Real Cases Mailing List
realcases (at) securityfocus (dot) com

Copyright 2010, SecurityFocus