The Inside Story of Wal-Mart’s Hacker Attack

Kim Zetter:

Wal-Mart was the victim of a serious security breach in 2005 and 2006 in which hackers targeted the development team in charge of the chain’s point-of-sale system and siphoned source code and other sensitive data to a computer in Eastern Europe, Wired.com has learned.


Internal documents reveal for the first time that the nation’s largest retailer was among the earliest targets of a wave of cyberattacks that went after the bank-card processing systems of brick-and-mortar stores around the United States beginning in 2005. The details of the breach, and the company’s challenges in reconstructing what happened, shed new light on the vulnerable state of retail security at the time, despite card-processing security standards that had been in place since 2001.



In response to inquiries from Wired.com, the company acknowledged the hack attack, which it calls an “internal issue.” Because no sensitive customer data was stolen, Wal-Mart had no obligation to disclose the breach publicly.


Wal-Mart had a number of security vulnerabilities at the time of the attack, according to internal security assessments seen by Wired.com, and acknowledged as genuine by Wal-Mart. For example, at least four years’ worth of customer purchasing data, including names, card numbers and expiration dates, were housed on company networks in unencrypted form. Wal-Mart says it was in the process of dramatically improving the security of its transaction data, and in 2006 began encrypting the credit card numbers and other customer information, and making other important security changes.



“Wal-Mart … really made every effort to segregate the data, to make separate networks, to encrypt it fully from start to finish through the transmission,” says Wal-Mart’s Chief Privacy Officer Zoe Strickland. “And not just in one area but across the different uses of credit card systems.”



Wal-Mart uncovered the breach in November 2006, after a fortuitous server crash led administrators to a password-cracking tool that had been surreptitiously installed on one of its servers. Wal-Mart’s initial probe traced the intrusion to a compromised VPN account, and from there to a computer in Minsk, Belarus.

The Best Summary (to date) of Taxpayer Funded Events that Lead to Goldman Sachs’ Survival and Recent Large Payouts

Joe Nocera:

A few weeks ago, shortly after Goldman Sachs reported its latest blowout quarter, the firm’s chief executive, Lloyd Blankfein, spoke at a Fortune magazine breakfast.


In normal times, Mr. Blankfein might have been forgiven for bragging a bit about the just-reported quarter — over $3 billion in profit on $12 billion in revenue. It had generated some $6 billion just in one division: fixed income. It had more than $160 billion in cash or cash equivalents on its balance sheet. And of course it had long since repaid, with interest, the $10 billion it had accepted from the Treasury Department during the darkest days of the crisis.


But of course those weren’t the numbers the media and the public had focused on in the wake of Goldman’s earnings. Instead, people were fixated on the $5.3 billion the firm had set aside for its executives’ year-end bonuses. Added to first and second quarter set-asides of $4.6 billion and $6.6 billion, the firm had put aside $16 billion so far this year for employee bonuses. Nearly 50 percent of the firm’s revenue was going toward compensation. And there was still one more quarter to go!



Was it fair, commentators kept asking, that barely a year after the taxpayers had essentially saved the financial system, this firm that took government capital should now be paying multimillion-dollar bonuses? Was it right? Which, not surprisingly, is what Fortune’s managing editor, Andrew Serwer, asked Mr. Blankfein within minutes of taking the stage.



In private, Goldman executives are scornful of the sentiment behind this question. Their view, in essence, is that they should be applauded for being able to pay such big bonuses, because it means their business is successful. People who want them to pay less, they believe, want them to fail.



But Mr. Blankfein, a charming, funny man who has been Goldman’s boss since 2006, is far too smart to say that out loud. Nonetheless, what he did say was revealing. Treasury’s original decision to use the Troubled Asset Relief Program to shore up the banks’ capital, Mr. Blankfein said, “was a sensible thing to do at the time.”