RealTime IT News

Egghead.com: Credit Card Info Safe from Prying Eyes

Amid initial concerns that 3.7 million credit card numbers were poached by a hacker at Egghead.com Inc.'s site, the firm's skipper moved to allay those fears Monday.

In a statement, Chief Executive Officer Jeff Sheahan said an internal investigation, aided by the Federal Bureau of Investigation and forensic security firm Kroll Associates, revealed that his company's security systems interrupted the hacker intrusion while it was in progress.

Evidence of a hacker intrusion was first announced by Egghead.com December 22 when it informed its customers of the potential problem. The company spent a full two weeks surveying its servers, major credit card companies and banks to learn of any fraudulent use.

Sheahan also said that despite the initial reports that open season could be declared on 3.7 million card numbers, new reports from the credit card companies Egghead.com works with suggest that fewer than 7,500 credit card accounts in its system have shown suspected fraudulent activity.

"It is possible that this activity may be related to credit card theft elsewhere," Sheahan said. "The evidence Kroll Associates and our team have gathered to date suggests that neither these, nor any other credit card numbers, were obtained from our site."

Egghead.com spokesperson Joanne Sperans Hartzell talked about the breach and the decision to announce it with InternetNews Radio Monday.

"Certainly, once somebody gets into your systems and you see them trying to hop around from one system to another, that raises the flag," said Sperans Hartzell. "While the database is not accessible from the Internet it's accessible from some of our other servers, so what we were looking at was intrusive activity that was hopping around trying to get to things that were not accessbile from the Internet."

Sperans Hartzell said her firm felt that alerting customers three days before Christmas was the right thing to do in spite of "bearing the wrath of negative PR" and angry customers.

But while Egghead.com was acting in good faith, some feel that the company wrong to store credit card numbers on servers, a practice that Paul Verhoeff, chief executive officer of online travel booking firm Tripeze.com, told InternetNews.com is insecure.

InternetNews Radio Host Brian McWilliams contributed to this story.