The data breach at Network Solutions, where hackers broke into the company's servers and stole info on 573,000 credit cards, shows how vulnerable even the presumably Net savvy can be. Hey, if a domain registrar and Web host can have their systems breached, is anyone safe?
Of course, the counterargument is that it's usually not lack of knowledge, or a poor understanding of security issues, which leads to data breaches. It's a failure to assiduously apply proper security procedures, because those procedures form the first line of defense, and are a deterrent to all but the most determined bad actors. (I was going to say, Maginot Line, and in many cases that's apt, because it's important to note that simply having a collection of procedures in place, and passing a security audit, often give companies a false sense of security, rather than true security.)
On the plus side, Network Solutions is doing a decent crisis-management job, being has upfront about the breach. It posted a message to customers, headlined "Data Security Alert - Problem Fix and Customers Notified," which indicates that the credit card theft reported in the mainstream media was rooted in code which sucked in e-commerce transactions. Here's the money quote:
"After conducting an analysis with the assistance of outside experts, we determined that the unauthorized code may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant websites to servers outside the company. On July 13, 2009, we were informed by our outside forensic experts that the data being transferred may have included credit card information. The code may have captured transaction data from approximately 573,928 cardholders for certain periods this spring. Exposure varied by merchant, but in all cases took place sometime between March 12, 2009 and June 8, 2009. Transactions after June 8, 2009 were not exposed to the unauthorized code. We have notified law enforcement and are working closely with them on the investigation. "