NEW YORK (CNNMoney) -- Online shoe store Zappos has been hacked, exposing the names, e-mail addresses, addresses, phone numbers and partial credit card numbers of its 24 million customers, the company said late Sunday night.
Citing an "illegal and unauthorized access" to customer account information, the company reset its customers' passwords. Zappos then urged customers to change their login credentials on any other sites for which they use the same password and username.
Date: Sun, 15 Jan 2012
From: Tony Hsieh (CEO - Zappos.com)
To: Zappos Employees
Subject: Important - Security
Dear Zappos Employees -
Please set aside 20 minutes to carefully read this entire email.
We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky. We are cooperating with law enforcement to undergo an exhaustive investigation.
OrderDynamics, Canada's leading on-demand eCommerce platform provider, delivers clients 100% continuous Level 1 PCI-compliant solutions by integrating Hosted PCI with its eCommerce SaaS platform.
Australia's biggest banks are posting credit card numbers in clear view on mailed customer statements in a direct violation of credit card security regulations.
Placing numbers where any mail thief could grab them is a fundamental breach of the troubled Payment Card Industry Data Security Standard (PCI DSS), according to sources in the industry.
The industry standard, drafted by card issuers Visa, MasterCard and American Express and enforced by banks, is a series of security rules to which any business dealing with credit card transactions must adhere.
The average cost of achieving compliance has been found to be more than £2 million, while the cost of non-compliance is almost £6 million.
Research by the Ponemon Institute and Tripwire, undertaken to estimate the costs associated with an organisation's compliance efforts, evaluated the economic impact of non-compliance and whether it exceeds the spend on enterprise compliance initiatives.
According to a new Ponemon Institute study sponsored by Tripwire, 46 multinational companies spend an average of $3.5 million to achieve compliance with various legal and industry mandates. The survey respondents said the Payment Card Industry Data Security Standard (PCI DSS) was both the "most important" and "the most difficult to comply with." The categories with the biggest compliance expenses included specialized technologies, incident management, and audit and assessment.
A friend sent over a link to the Lush Hack this morning. I immediately had 2 reactions. First, I love the title and the mental image it conjures up. Second, my reaction was right out of Saturday Night Live's Weekend Update... Really!?!
If you're a small company hedging and squirming on the decision of investing in PCI compliance, then we only have one thing to say to you: what's keeping you so damn long?
Card brand Visa has revealed a revolutionary rise in retailers adopting the new software, which is vital for businesses to handle customer card data safely, and even more crucial in projecting a credible business image.
Details of the hacking of cosmetics retailer Lush's website, and the theft of potentially thousands of customer banking details, are still unknown, but that is not stopping security experts from speculating.
The retailer has promised a full external forensic investigation of the security breach to ensure improved protection for customers in future.
Retailers, whether they are brick-and-mortar or Web-based, worry about the security of their customers' payment information. Having that data hacked or stolen creates a public relations nightmare and erodes the trust between the merchant and consumer. That's why adopting the Payment Card Industry Data Security Standard (PCI DSS) has become such an important issue when it comes to processing credit card information.