Saturday, January 26, 2008

Compromised SAIC Computer Puts Corporate CC Data at Risk

Via Pogo Was Right.

On Jan. 18, the Science Applications International Corporation (SAIC) notified [.pdf] the New Hampshire DOJ that one of their computers was compromised by malware that went undetected until a "regularly scheduled inventory of software." The presence of malware was reportedly not detected because the malware "intercepted keystrokes" and evaded their security precautions. The infected computer was used in corporate customer transactions involving lease or purchase of equipment from the Environmental Equipment and Supply Division.

SAIC's report noted that they were searching for evidence as to what information the software may have captured and transmitted outside of the network, but information may have included credit card name, billing and shipping address, telephone and fax number, and credit card number and security code.

The notification provides an interesting glimpse into SAIC's cybersecurity, as they also note that although they have "a wide number" of IPs blocked for outbound transmissions, the malware may have been able to transmit to unblocked IPs.

Link.

posted by Fergie @ 1/26/2008 05:05:00 PM

0 Comments:

Post a Comment

<< Home