Egghead.com: Credit Card Info Safe from Prying Eyes

Amid initial concerns that 3.7 million credit card numbers were poached by a
hacker at Egghead.com Inc.’s site, the firm’s skipper moved to allay those
fears Monday.


In a statement, Chief Executive Officer Jeff Sheahan said an
internal investigation, aided by the Federal Bureau of Investigation and
forensic security firm Kroll Associates, revealed that his company’s
security systems interrupted the hacker intrusion while it was in progress.


Evidence of a hacker intrusion was first announced by Egghead.com December 22 when it informed its customers of the potential problem. The
company spent a full two weeks surveying its servers, major credit
card companies and banks to learn of any fraudulent use.


Sheahan also said that despite the initial reports that open season could be
declared on 3.7 million card numbers, new reports from the credit card
companies Egghead.com works with suggest that fewer than 7,500 credit card
accounts in its system have shown suspected fraudulent activity.


“It is possible that this activity may be related to credit card theft
elsewhere,” Sheahan said. “The evidence Kroll Associates and our team have
gathered to date suggests that neither these, nor any other credit card
numbers, were obtained from our site.”


Egghead.com spokesperson Joanne Sperans Hartzell talked about the breach and
the decision to announce it with InternetNews Radio Monday.


“Certainly, once somebody gets into your systems and you see them trying
to hop around from one system to another, that raises the flag,” said
Sperans Hartzell. “While the database is not accessible from the Internet
it’s accessible from some of our other servers, so what we were looking at
was intrusive activity that was hopping around trying to get to things that
were not accessbile from the Internet.”


Sperans Hartzell said her firm felt that alerting customers three days
before Christmas was the right thing to do in spite of “bearing the wrath of
negative PR” and angry customers.


But while Egghead.com was acting in good faith, some feel that the company
wrong to store credit card numbers on servers, a practice that Paul
Verhoeff, chief executive officer of online travel
booking firm Tripeze.com, told InternetNews.com is insecure.


InternetNews Radio Host Brian McWilliams contributed to this story.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web