Record-Setting Data Breach Highlights Corporate Security Risks
Case of five men indicted Thursday for allegedly stealing more than 160 million credit card numbers, in what Justice Department calls a record size scheme, shows how hard it is for business to deal with SQL injection attacks and similar approaches.
The defendants, four Russians and a Ukrainian, are said to have stolen more than 160 million card numbers and to have inflicted hundreds of millions of dollars in financial harm to more than a dozen major companies. No audit of said costs or detailed breakdown was provided.
The indictment says that the men used a variety of hacking techniques, including SQL injection attacks, to place malware on networks, thereby obtaining login credentials and credit card numbers, known as "dumps," for sale. It also says that the men used network sniffer programs to capture credit card transaction data in real-time from payment networks. Read full story on InformationWeek
Post a comment to the original version of this story on InformationWeek