Computer forensics firm's database hacked

The credit card numbers of 3,800 Guidance Software people were exposed

The customer database of computer forensics firm Guidance Software Inc., a provider of software that diagnoses computer break-ins, has been hacked.

The Pasadena, Calif. company said in a Dec. 13 letter to its customers that the breached database contained credit card numbers of 3,800 people. The database also contained the expiration dates and card verification numbers of those credit cards as well the names, addresses and telephone numbers of the customers, according to the letter from Guidance CEO John Colbert. The database did not contain any customer financial data that could put them at risk of identify theft, he said.

"Guidance is taking this matter very seriously," Colbert said in the letter. "Upon learning of the incident on December 7, we have been working quickly to investigate the unauthorized network activity and remediate the person's method of access. The next day (December 8) we referred this incident to the U.S. Secret Service, who have begun their own investigation. Of course, our investigation is ongoing, and we will continue to cooperate fully with law enforcement in its investigation as well. To prevent any further unauthorized access of your personal information, we have also deleted all of your credit card information from our customer database."

The letter from Colbert was provided to Computerworld by Michael Kessler, president of Kessler International, a New York-based computer forensics investigation company. A Guidance spokeswoman confirmed the information contained in the letter, but declined to comment further because of the ongoing investigation.

Guidance also said it is confident, based on an immediate forensic analysis, that the intrusion was effectively terminated and its network secured. In addition, the company said it is reviewing its operations and redoubling efforts to ensure that customer information is secure.

"Our office's credit card [information] was stolen and one individual in particular had over $20,000 put on their corporate card for pay-per-click advertising at Google," Kessler said.

Four people in Kessler's office received letters from Guidance saying credit card information had been stolen, letters they got after they had already received their American Express bills.

"I got the letter Monday, Dec. 19 but Friday, [Dec. 16], I got the American Express bill and cancelled the cards. We were all scratching our heads trying to figure out how we could have had someone get our American Express Cards and we couldn't figure it out. And then Monday we got the [Guidance] letter, which they claim was sent Dec. 13. But they said they discovered [the breach] on Dec. 7.

"My question is – and this is what I fault them on – they should have notified everyone by e-mail immediately so we could have put a stop on our cards."

Kessler has talked with Guidance but said the company hasn't been very cooperative.

"I've been in touch with them and I must say they were not as cooperative as I would have expected," Kessler said. "Initially, I asked them what information was taken. I told them we had to make the necessary security arrangements so we wanted to know what information was taken specifically, how they got it and so on and so forth. I've been doing investigations for 35 years and I can tell you they were evasive in their answers."

Kessler said he contacted the Secret Service as well as American Express, which is also looking into the breach.

"It's an unfortunate circumstance for everyone in the industry when something like this happens to a company that's supposed to be the foremost leader in computer forensics. They even have software that is supposed to stop hackers," he said. "I was really shocked at their response to me. They have a good product, but their administration and financial management [leaves] a lot to be desired."

Copyright © 2005 IDG Communications, Inc.

Shop Tech Products at Amazon