Computer forensics firm's database hacked

Computerworld - The customer database of computer forensics firm Guidance Software Inc., a provider of software that diagnoses computer break-ins, has been hacked.
The Pasadena, Calif. company said in a Dec. 13 letter to its customers that the breached database contained credit card numbers of 3,800 people. The database also contained the expiration dates and card verification numbers of those credit cards as well the names, addresses and telephone numbers of the customers, according to the letter from Guidance CEO John Colbert. The database did not contain any customer financial data that could put them at risk of identify theft, he said.
"Guidance is taking this matter very seriously," Colbert said in the letter. "Upon learning of the incident on December 7, we have been working quickly to investigate the unauthorized network activity and remediate the person's method of access. The next day (December 8) we referred this incident to the U.S. Secret Service, who have begun their own investigation. Of course, our investigation is ongoing, and we will continue to cooperate fully with law enforcement in its investigation as well. To prevent any further unauthorized access of your personal information, we have also deleted all of your credit card information from our customer database."
The letter from Colbert was provided to Computerworld by Michael Kessler, president of Kessler International, a New York-based computer forensics investigation company. A Guidance spokeswoman confirmed the information contained in the letter, but declined to comment further because of the ongoing investigation.
Guidance also said it is confident, based on an immediate forensic analysis, that the intrusion was effectively terminated and its network secured. In addition, the company said it is reviewing its operations and redoubling efforts to ensure that customer information is secure.
"Our office's credit card [information] was stolen and one individual in particular had over $20,000 put on their corporate card for pay-per-click advertising at Google," Kessler said.
Four people in Kessler's office received letters from Guidance saying credit card information had been stolen, letters they got after they had already received their American Express bills.
"I got the letter Monday, Dec. 19 but Friday, [Dec. 16], I got the American Express bill and cancelled the cards. We were all scratching our heads trying to figure out how we could have had someone get our American Express Cards and we couldn't figure it out. And then Monday we got the [Guidance] letter, which they claim was sent Dec. 13. But they said they discovered [the breach] on Dec. 7.
"My question is –