Network Solutions, one of the world’s biggest names in web hosting and domain names (”Customers around the world trust us to manage more than 7 million domains, over 1.5 million e-mailboxes, and more than 350,000 Web sites.”), has admitted its ecommerce servers have been hacked.
The breach of security at Network Solutions put over 570,000 credit cards holders at risk after a staggering 4,343 ecommerce sites hosted by Network Solutions servers were compromised.
From a UK perspective the good news is that it is only US merchants who have been affected - though, of course, if you buy from US online stores your details maybe among those intercepted by the hackers.
Network Solutions released a statement in which it said it had “identified unauthorised code on servers supporting some of our e-commerce merchants’ web sites”.
“After conducting an analysis with the assistance of outside experts, we determined that the unauthorised code may have been used to transfer data on certain transactions for approximately 4,343 of our more than 10,000 merchant web sites to servers outside the company.”
“The code may have captured transaction data from approximately 573,928 cardholders for certain periods this Spring.”
Slightly alarming is the fact that this occurred in the Spring - we are now 4 weeks into the summer. The transactions exposed took place between March 12th and June 8th 2009. Network Solutions were informed on July 13th - two weeks ago - that the data may have included credit card details. Presumably the delay was to enable Network Solutions to come up with a plan to deal with the PR disaster and the practical details of dealing with thousands of angry website merchants who will have their relationships with their customers adversely affected.
The home page of the Network Solutions website does not allude to the fact that it has suffered a massive security breach to over 40% of its ecommerce base. You have to hunt it down in the news section.
In fact, the giant has created a special website to deal with the unfortunate merchants, ironically named www.careandprotect.com.
As various US federal and state statutes require a company to inform its customers when the security of their personal information is compromised Network Solutions has taken steps to help the affected merchants do this via a third party. Merchants have to opt into a scheme for this assistance and some may not, choosing to contact customers themselves to try and preserve their relationship with their customer base.
If you are a UK consumer and have purchased anything from a US online store between March 12th and June 8th, 2009 it may be advisable to check your receipts and email the store and ask them outright if they are a Network Solutions ecommerce merchant and to confirm that they have not been affected by this hack.
Meanwhile, if you are a UK retailer using a third party shopping cart on your website you may wish to look a little closer into the company providing the service. Clearly size of the supplier is no protection.
