The dangers of unencrypted data

December 10, 2014

Encryption of data, both in stored form and when transferred, is becoming a necessary part of proper data security. It is optimistic in the extreme to assume that firewalls, anti-virus software and other forms of cyber security will keep out all hacking attacks. It is even more optimistic to assume that a staff member or three won’t open an email containing malware or be the victim of social engineering, thereby giving an intruder access to the internals of an organisation. For most non-ideological intruders, that means data which can produce financial gain. The need for encryption and internal processes to deal with a breach is highlighted in Unencrypted Data Lets Thieves ‘Charge Anywhere’, which provides:

Charge Anywhere LLC, a mobile payments provider, today disclosed that malicious software planted on its networks may have jeopardized credit card data from transactions the company handled between November 2009 and September 2014.

In a statement released today, the South Plainfield, N.J. electronic payment provider said it launched an investigation after receiving complaints about fraudulent charges on cards that had been legitimately used at certain merchants. The information stolen includes the customer name, card number, expiration date and verification code.

“The investigation revealed that an unauthorized person initially gained access to the network and installed sophisticated malware that was then used to create the ability to capture segments of outbound network traffic,” the company explained. “Much of the outbound traffic was encrypted. However, the format and method of connection for certain outbound messages enabled the unauthorized person to capture and ultimately then gain access to plain text payment card transaction authorization requests.”

Charge Anywhere said it believes that “only files containing the segments of captured network traffic from August 17, 2014 through September 24, 2014 were identified,” although the company allowed that the unauthorized person had the ability to capture network traffic as early as November 5, 2009.

The incident is the latest reminder of what happens to businesses that handle credit card data and other sensitive information and yet fail to fully encrypt the data as it traverses their network. The company has provided a searchable list of merchants who may have been affected by the breach.
