I've said it before and I'll say it again. The individual transmission of confidential information needs to be secure, but that isn't where the problems will be. It is where that data is eventually stored.

"Hacker steals huge credit card database

December 13, 2000
Web posted at: 10:29 AM EST (1529 GMT)

(CNN) -- A hacker unsuccessfully attempted to extort money from an online credit card company after breaking into its Web site and taking thousands of credit card numbers, a company spokesman confirmed Wednesday.

The unidentified criminal managed to steal 55,000 credit card numbers from Creditcards.com, according to a report in The New York Times..." Read it all at http://www.cnn.com/2000/TECH/computing/12/13/credit.cards.com.hacked/index.html

------------------
Andy Zavoina
Opinions stated are not necessarily that of my employer.

This is a company's worst nightmare. When something like this does happen, however, the company's response to it needs to be swift, smart and decisive, and according to another article I saw about this incident, this company's response was sorely lacking.

It said, "Butts said his company contacted the FBI immediately on receiving an extortion demand from the hacker, but it did not contact any customers. “They weren’t compromised,” Butts said, adding that
there was no evidence the stolen card numbers had been used for any fraudulent purchases."

That is unbelievable to me. If the credit card numbers were in the hands of hackers, the customers WERE compromised and they should have been notified immediately. You always have to think about steps you can take to mitigate the damage, and they failed to take a very big one when they decided not to notify customers.

MSNBC article

1-City of London financial institutions have paid huge sums to international gangs of sophisticated "cyber terrorists" who have amassed up to 400 million pounds worldwide by threatening to wipe out computer systems.

Banks, broking firms and investment houses in America have also secretly paid ransom to prevent costly computer meltdown and a collapse in confidence among their
customers, according to sources in Whitehall and Washington.
http://www.nando.net/newsroom/ntn/info/060596/info50_24099.html

2-The most spectacular and well-known example was probably in 1995, when Citibank was hacked by Russian hackers, led by the 24 year-old Vladimir Levin. They were arrested while trying to transfer over $10 million. In February 1997, the infamous CCC (Computer Chaos Club) of Germany revealed how to abuse ActiveX controls (a Microsoft technology and source of numerous security vulnerabilities) to steal money from one account and put it into another.
http://www.infowar.com/hacker/99/hack_101399a_j.shtml

3-THE Law Commission has acknowledged that it is not against the law for a hacker to break into a New Zealand bank's computer system and transfer funds into his or her own bank account.

In a report on computer crime, the commission says that under section 220
of the Crimes Act 1961 it is not against the law to steal something intangible.
http://www.infowar.com/hacker/99/hack_051799b_j.shtml

4-he Financial Services Authority (FSA), the UK's financial services regulator, has told banks that they must take more care with their online security.
The warning comes after the FSA found inadequacies in defense systems against hackers on the sites of several unnamed UK Internet banks.
http://www.infowar.com/hacker/00/hack_062000a_j.shtml