Guidance Software Investigating Stolen Data

Computer forensic specialist Guidance Software found itself on the receiving end of a malicious hacking attack that managed to swipe sensitive information on reportedly thousands of customers.

According to a report by the Washington Post, roughly 3,800 customer credit-card numbers were taken in the attack and officials are working with the U.S. Secret Service to investigate the crime.

Executives at the security company declined to talk to internetnews.com about the network break-in because of the ongoing investigation.

The breach is a black eye for a company providing software that tracks down and collects information on network breaches. Guidance Software’s EnCase product is used by law enforcement agencies, government investigators and Fortune 1000 companies to track down and investigate digital break-ins, as well as perform network and software audits.

According to a post at the Forensicfocus.com discussion forum, Guidance Software officials discovered hackers got past the company’s perimeter defenses and accessed one of its servers and its electronic records in November.

The post, which referenced a notice purportedly from an administrator on Guidance Software’s members-only discussion board, said the company discovered the breach Dec. 7 and shored up the weakness that allowed the attacker to compromise their defenses.

“Although this event is extremely troubling, we are confident, based on an immediate forensic analysis, that the intrusion has now been effectively terminated and our network has been secured,” the administrator’s note stated.

Greg Marshall, a computer forensic examiner for a sheriff’s office in Virginia, was one of the affected customers. A Guidance Software customer the past five years, he has yet to discover any suspect charges on his credit card since the November breach.

He believes the company has responded admirably to the breach and subsequent customer notifications, which were sent last week. It isn’t wise, he said, to rush off and make the notifications before the extent of an intrusion is known.

“An incident like this needs to be handled right from the beginning to make a successful prosecution possible,” Marshall said in an e-mail interview.

“If that means that notifications are a couple of days delayed, then so be it. I know that many of their key people are [former law enforcement officers], and it doesn’t surprise me to see them responding in this way.”

Guidance Software’s breach puts an unsavory end to a year rife with database breaches.

Several universities around the country — University of Southern California, Boston College, California State University, Chico and the University of Georgia — have reported database breaches in 2005.

In similar cases, which prompted Congressional scrutiny into better disclosure laws, ChoicePoint and LexisNexis were involved with data-theft problems of their own.

Credit check specialist ChoicePoint notified in February 145,000 individuals to be on the lookout after an ID theft ring gained access to their sensitive information.

In March, information publisher Reed Elsevier acknowledged scammers were able to trick themselves into the database records of as many as 310,000 LexisNexis customers.