Security Blog 


12.20.2005

Security firm hacked
I'm not one to point fingers in this situation, as it can happen to anyone at any time. But Guidance really laid an egg. Fine, they got hacked, it happens. But this?



Guidance stored customer records in unencrypted databases, and indefinitely retained customers' "card value verification" (CVV) numbers, the three-digit codes on the back of credit cards that are meant to protect against fraud in online and telephone sales, according to Colbert and the notification letter sent to customers.


Merchant guidelines published by both Visa and Mastercard require sellers to encrypt customer credit-card databases. They are also prohibited from retaining CVV numbers for any longer than it takes to verify a given transaction.


Companies that violate those standards can be fined $500,000 per violation. Credit card issuers generally levy such fines against the bank that processes payment transactions for the merchant that commits the violations. The fines usually are passed on to the offending company.


Secret Service and FBI customers were among those whose information was included in the hacked database, Colbert said, but he declined to say whether credit card information belonging to those agencies was compromised.






EnCase is certainly popular software. I'm sure the DB had lots of juicy little tidbits in it. Link.


