Shostack + Friends Blog Archive


EWeek on The Gap Breach

Lisa Vaas has a great article in eWeek, “Let’s Demand Names in Data Fumbles.”

That unnamed vendor should indeed be taken to task. The Gap is now in the process of contacting an enormous number of people in the United States and Canada whose information may have been compromised, and it’s providing credit reporting services to those affected for up to a year, at what surely must be a significant cost—particularly galling, given that the vendor broke the terms of an agreement that the information that wound up stolen be encrypted.

Highly worth reading. There’s a new normal emerging around breaches, and it’s going to be good for computer security.

Even if you’re a victim today, remember that there’s no way to improve except by studying what’s going wrong.

In closely related news, StoreFront Backtalk has a story about merchants suggesting that the card associations, like Visa, ought to do better. Today, they require merchants to hold card numbers and protect them. Why not hold less sensitive data? See “Retail Group Lobbying To Have Credit Card Data No Longer Stored.”
