Wednesday, September 19, 2007

Internet Retailer security breach

I received a note from Internet Retailer letting me know that their website had been hacked, and that I should contact my credit card company to request a new card.
Kevin Hillstrom has done a good job covering the situation, and the irony of Internet Retailer magazine being hacked. from his blog: "The letter I received does offer an apology, which is appreciated. The letter gives me steps to take to protect my credit information. Internet Retailer does not offer me anything, as a loyal customer, in exchange for a very serious mistake that may significantly impact my life, no discount on a future publication, no free reports, nothing."
From PogoWasRight.org, Jack Love... added that only a portion of the company's customers were compromised because the data was pulled offline as soon as the publisher was alerted by a customer that there was a problem. This begs for further elaboration...and I found it at DarkReading, where apparently the hackers really only could access one account at a time. I'm willing to accept that.
What I am confused by, is Internet Retailer doesn't have anything on their site, they didn't send an email (yes, it might have been perceived of as phishing, but it would have alerted people), they didn't call (obviously very time consuming, as I'm assuming this was a fairly significant breach), and their letter that was dated 9/7, just got here today, 9/19. No postmark, but I'm skeptical that it really went out on that date. It'll be fascinating to see how Internet Retailer covers this.

Labels: , , ,