Skip to main content
ad info technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image says customer data not compromised


(IDG) -- The president and CEO of said Monday that an internal investigation into a security breach at its Web site indicates that no customer data has been compromised because of an attack on its systems.

The company, which sells computers, software, consumer-electronic equipment and other products through its Web site, said the FBI is also investigating the security breach. The internal investigation is being led by New York-based Kroll Associates, a business investigations, security and intelligence firm.

Two weeks ago, the online technology retailer disclosed that a hacker had managed to penetrate its computer systems, potentially including its customer databases, which contain credit-card numbers and other personal information.


However, in a statement issued Monday, as well as in a letter to customers, Jeff Sheahan, CEO of the Menlo Park, Calif.-based company, said evidence uncovered by Kroll "suggests that's existing security systems interrupted the intrusion while it was in progress."

Sheahan also said that reports from the credit-card companies that works with indicate that suspected fraudulent activity has been observed on fewer than 7,500 credit-card accounts that appear in its system, which contains approximately 3 million credit card numbers. INFOCENTER
Related Stories
Visit an IDG site search

"The evidence Kroll Associates and our team have gathered to date suggests that neither these, nor any other credit card numbers, were obtained from our site," Sheahan said in the statement.

Julianne Presson disagrees.

Presson, who e-mailed Computerworld from her parents' home near Berkeley, Calif., said she notified more than six months ago that her credit card number had been used by someone in Russia.

"I knew they got it from because that was the only [online company] where I used my credit card and within a week my card was debited for $26.30 for a URL in Russia that didn't even have a site up," Presson said. "I'm really angry because did not even acknowledge my message to them."

Presson said she was able to track down the hacker using NeoTrace, an Internet tracing product, and other software.

"I had to go dig to find the domain registration and get the info for the contact person," she said. "Then I e-mailed him and told him I knew what he was doing. He was shocked that I had tracked him down. He said someone had gotten lots of card numbers and to expect more charges. I wrote back and told him there would be no more charges because I had changed the card number and I was going to get a refund from the bank, the Wells Fargo Bank in Payson, Arizona. I was told by the bank this happens a lot in Russia." spokeswoman Shoreen Maghame said the company couldn't find any information that Presson had previously reported a potential security-related problem.

"This is the first security breach that we're aware of," she said.

Even if none of the credit card numbers in question were stolen from Egghead's databases, analysts said the company still has to convince consumers that its site is safe.

"The important thing here is that if these people feel they were victimized [by shopping at] they will not patronize Egghead again, no matter what happens," said Eric Hemmendinger, an analyst at Aberdeen Group in Boston.

Mark Rasch, the former head of the U.S. Department of Justice's Computer Crimes Unit, said has to persuade people to use its site in the future.

"They have to put in effective measures right away to ensure the confidentiality [and security] of consumers' credit card numbers and other personal data," said Rasch, vice president of Predictive Systems, a New York-based network infrastructure consulting firm. " has a privacy policy that says they will do just that, so they are bound by law to do so."

In its statement, Sheahan said with the assistance of Kroll Associates, has taken additional steps to increase its security in order to reduce the possibility of any further security breaches.

Hospital confirms copying of patient files by hacker
December 15, 2000
Hacker steals huge credit card database
December 13, 2000
NASA hacker pleads guilty
December 6, 2000
MS, hacker secretive about meeting
November 22, 2000
Analysis: Home workers can imperil systems
November 7, 2000

Hacking: All it takes is motivation
Europeans still wary of online card payments
Credit-card numbers exposed in extortion attempt
FBI completes rollout of corporate cybercrime program
The latest tidbits on security news
eTrue launches first biometric Internet service
Crossing the wireless security gap


Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top  © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.