Third-Party Data Breaches Strike Maine, Play.com and GSN
Three recent data breaches at third-party Web service providers highlight the importance of organizations making sure customer data outside of the company is protected.
Unlike the recent RSA breach or the malware-based attack on the European Commission, cyber-criminals stole information from tourists visiting Maine state parks and shoppers buying from Play.com by hitting third-party marketing companies. And some evidence indicates the recent TripAdvisor breach may also have been the result of a compromised partner and not a SQL injection attack as was previously speculated.
It's critical for organizations to identify what data they have that someone else may want, and who has access to that data, Michael Maloof, CTO of TriGeo Network Security, told eWEEK.
Tourists who bought passes for a Maine state park may have had their credit card information stolen after an online vendor's systems were infected with malware, the Associated Press reported. A malware attack on Maryland-based InfoSpherix exposed credit cards used to buy the park passes from March 21 to Dec. 22, 2010, said Jeanne Curran, a spokeswoman for Maine's Department of Conservation, on March 24. The Maine Bureau of Parks and Lands learned of the data breach in February.
Credit card numbers and expiration dates were stolen, according to Maine's Assistant Attorney General Thom Harnett. Names associated with the cards were kept on another server, which wasn't breached, he said.
The breach was limited to InfoSpherix systems, a subsidiary of San Diego-based Active Network, which offers Web services such as online registration, payment processing, donations and transactions. The rest of the state government operations remained intact, Maine officials said.
For more, read the eWEEK article: Maine, Play.com, GSN Customers Hit by Third-Party Data Breach.