Network Solutions has admitted that they found malicious code on multiple E-commerce servers hosted for merchants' websites. Network Solutions claims that they have since removed the unauthorized code, and that no networksolutions.com servers were affected. That's of little consolation to those business sites that were compromised.
More than 570,000 credit card numbers may have been breached between March 12 and June 8, 2009, although Network Solutions states that they have not received any reports that the data has been misused, and in any event, they claim customers shouldn't worry about it because the issuing banks won't hold customers liable for any fraudulent transactions.
Sorry, Network Solutions, but that's not good enough. Please explain how the malicious code was able to be planted on multiple servers, and let us know which of your control failures led to nearly three months of this code running before you finally figured out that you had a problem.
I've said it repeatedly - until the penalty for exposing personal information is greater than the downstream costs of breach response (credit monitoring, etc.), companies will continue to violate the trust of their customers.
When Network Solutions advises "credit card issuing companies generally will not hold our merchants’ customers liable for any fraudulent purchases made using their credit card account numbers that are reported in a timely way to the issuer", who do they think pays for those fraud costs? Eventually, it's distributed among all of the issuing banks' customers in the form of higher fees and account costs.
So, Network Solutions, not only do your customers end up incurring higher costs because of your negligence, but so do all of the other customers with accounts at the same financial institutions. You not only screwed your customers, but also the rest of us who were smart enough not to use Network Solutions for their e-commerce and domain hosting services.
You can send Network Solutions a message that security of personal information is important by pulling any domain hosting or other services from them and switching to another provider. But Network Solutions would prefer that you simply let them worry about security. After all, they do an OK job, and regardless, what could possibly go wrong?
Updated Aug 2, 2009 @ 7:25 PM: You'll be pleased to know that Network Solutions is searching the Twitter to see who has Tweeted about them, and they noted my entry and therefore sent the following - netsolcares @kpshea Network Solutions deeply regrets this unfortunate incident. Real time assistance to customers @ http://cli.gs/gvqE7b #jw
I remain perturbed and am now annoyed at the extent of their damage control. If only they had expended this much effort protecting their data in the first place.
Image by ShashiBellamkonda via flickr
No comments:
Post a Comment
Please tell me what you think.