Network Solutions LLC is working with credit-reporting agency TransUnion LLC to assist about 4,300 online merchant clients whose customer credit card account data may have been stolen this spring.
Network Solutions reported on Friday that, “in the ordinary course of business” it identified unauthorized code that may have captured credit card account data from about 573,928 accounts from servers supporting some of the web sites of its client e-commerce merchants and transferred it to servers based outside of the company sometime between March 12 and June 8 of this year.
“On July 13, 2009, we were informed by our outside forensic experts that the data being transferred may have included credit card information,” Network Solutions says. It adds that transactions that occurred after June 8 were not exposed to the unauthorized code. Network Solutions provides web site technology and services, including web address registration, site hosting and e-commerce applications.
The company says it is cooperating with law enforcement officials in an investigation of the security breach and has not found any indication of fraudulent use of compromised credit card account data. “At this point, we have no reports or other reasons to believe that any credit card account information has been misused,” Network Solutions says on a web site it created to provide information on the security breach, CareandProtect.com. It adds: “Our customers’ ability to rely on the safety of our solutions is our highest priority. We are deeply sorry for any concern or inconvenience this may cause our merchants or their customers.”
Network Solutions has retained TransUnion to notify the consumers whose personal credit card data, including account numbers, names and addresses, may have been stolen. Provided at no cost to the merchants, TransUnion’s services include assembling mailing lists for contacting each affected merchant’s U.S.-based customers, sending these customers notifications that comply with state laws regarding security breaches and providing individual customers 12 months of free credit monitoring service.
Several postings on the CareandProtect.com site, from people who say they are merchant clients of Network Solutions but give only their first name for identification, express concerns in areas about their responsibilities regarding security breach notifications and the possibility they may be sued by consumers.
Network Solutions responded to those postings by noting that it is taking full responsibility for the security breach in the notification letters and is working to minimize any public mentions and legal exposure of the affected merchants. It also says it is considering offering credit monitoring services to consumers in Canada.
Tom Donlea, executive director of the Merchant Risk Council, an organization devoted to helping retailers manage security risks, says the Network Solutions case underscores the need for merchants to take steps to minimize security risks and ensure they implement a high level of security for the scope of their business, including the number of payment methods that they handle and the number of countries in which they serve customers.
“These sorts of cases increase the need for the different divisions of an e-commerce retailer to communicate with each other, and to let their customers know how secure their systems are,” he says.
Back...
