The Perils of Outsourcing Code
A new report has highlighted the dangers of organizations outsourcing the coding of their critical applications, yet failing to mandate that security must be built into these applications.
The report, produced by the European information technology analysis group Quocirca, is based on a survey of 250 IT directors, senior IT managers and C-level executives in Germany, the UK and the US. Of those organizations that admitted to being frequently hacked, all of them outsourced at least some of their coding practice, with nine out of ten organizations outsourcing more than 40%.
Following what its CEO described as a “novel and sophisticated attack on our computer network”, the US supermarket chain Hannaford Brothers has disclosed a data security breach involving the possible compromise of more than 4m credit and debit cards.
Recent weeks have seen a number of high-profile websites hit by a fast-growing new form of web attack. The attack, first reported by security researcher Dancho Danchev, has now expanded to hit over a million web pages; it works by taking advantage of web programming errors to inject malicious code into search results pages created by the internal search engines of the websites affected. According to Danchev, these include USAToday.com, ABCNews.com and a number of educational institutions.
Businesses have become increasingly aware of the need to have information security policies in place, with seven out of eight large businesses now claiming to have one. However, the high priority given to information security by companies does not necessarily translate into improved security awareness among employees. Increasingly, companies are realizing that in order to tighten up further on information security, they have to change the behavior of their staff.
The losses resulting from crimes perpetrated over the Internet reached an all-time high during 2007, according to the Internet Crime Complaint Center (IC3). More than 206,000 complaints were received, with around 90,000 of these being subsequently referred to law enforcement agencies. The reported losses arising from these complaints amounted to nearly $240m, which is an increase of more than $40m on the 2006 figures.
In the latest of an embarrassing series of data breaches resulting from lost disks, laptops and memory cards, the HSBC banking group has admitted that a disk containing the personal details of 370,000 customers was lost four weeks ago after being sent by courier from its offices in Southampton to Swiss Re, the world’s largest reinsurer.
