Breach, undetected since '05, exposes data on Kingston customers
As many as 27,000 online customers may have had their data exposed
Computerworld - A September 2005 security breach that remained undetected until "recently" may have compromised the names, addresses and credit card details of roughly 27,000 online customers of computer memory vendor Kingston Technology Company Inc.
The Fountain Valley, Calif.-based company began sending letters to affected customers informing them of the incident last week.
According to a spokesman, Kingston's IT team "detected irregularities" in the company computer systems at some unspecified point in time and -- along with a team of forensic computer experts -- began investigating the issues. It was not until after that probe was completed and a final report released on May 22 that Kingston could confirm the scope of the intrusion and its impact.
"After confirming what data was accessed and who was affected, Kingston had to gather the appropriate contact information and arrange for consumer protection services and materials to notify the impacted consumers," the spokesman said.
But the company did not offer details on how or when the breach was discovered and how long it waited to notify customers about the potential compromise of data. Kingston, which had $3 billion in sales last year, also did not offer any explanation on the nature and scope of the breach itself or why it remained undetected for so long. The spokesman added that the breach is believed to have been perpetrated by an external attacker.
In an e-mailed statement, the company said it has taken "aggressive steps" to minimize any potential risk to those affected by the illegal access. The vendor said it has contracted with New York-based security consulting firm Kroll Inc. to provide services such as credit monitoring and, if needed, "identity restoration" free of charge to affected customers.
"Following the discovery of the intrusion, Kingston engaged a top computer forensics firm to conduct a thorough investigation and assist in the development of even greater levels of system security to protect against future attacks," the statement said. The company did not elaborate on what those measures were.
The note added that, for the moment at least, there is no evidence that the illegally accessed data has been misused. "Kingston has always made customer privacy a priority and deeply regrets this situation, which is the first of its kind in the nearly 20-year history of our company," it noted.
Read more about Security in Computerworld's Security Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts