Skip to main content
ad info

 
CNN.com technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  

 

  Search
 
 

 
TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

TOP STORIES

More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections

(MORE)

MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 


WORLD

U.S.

POLITICS

LAW

ENTERTAINMENT

HEALTH

TRAVEL

FOOD

ARTS & STYLE



(MORE HEADLINES)
*
 
CNN Websites
Networks image


Egghead.com says customer data not compromised

Computerworld

(IDG) -- The president and CEO of Egghead.com said Monday that an internal investigation into a security breach at its Web site indicates that no customer data has been compromised because of an attack on its systems.

The company, which sells computers, software, consumer-electronic equipment and other products through its Web site, said the FBI is also investigating the security breach. The internal investigation is being led by New York-based Kroll Associates, a business investigations, security and intelligence firm.

Two weeks ago, the online technology retailer disclosed that a hacker had managed to penetrate its computer systems, potentially including its customer databases, which contain credit-card numbers and other personal information.

MESSAGE BOARD
 

However, in a statement issued Monday, as well as in a letter to customers, Jeff Sheahan, CEO of the Menlo Park, Calif.-based company, said evidence uncovered by Kroll "suggests that Egghead.com's existing security systems interrupted the intrusion while it was in progress."

Sheahan also said that reports from the credit-card companies that Egghead.com works with indicate that suspected fraudulent activity has been observed on fewer than 7,500 credit-card accounts that appear in its system, which contains approximately 3 million credit card numbers.

IDG.net INFOCENTER
IDG.net
Related IDG.net Stories
Features
Visit an IDG site


IDG.net search



"The evidence Kroll Associates and our team have gathered to date suggests that neither these, nor any other credit card numbers, were obtained from our site," Sheahan said in the statement.

Julianne Presson disagrees.

Presson, who e-mailed Computerworld from her parents' home near Berkeley, Calif., said she notified Egghead.com more than six months ago that her credit card number had been used by someone in Russia.

"I knew they got it from Egghead.com because that was the only [online company] where I used my credit card and within a week my card was debited for $26.30 for a URL in Russia that didn't even have a site up," Presson said. "I'm really angry because Egghead.com did not even acknowledge my message to them."

Presson said she was able to track down the hacker using NeoTrace, an Internet tracing product, and other software.

"I had to go dig to find the domain registration and get the info for the contact person," she said. "Then I e-mailed him and told him I knew what he was doing. He was shocked that I had tracked him down. He said someone had gotten lots of card numbers and to expect more charges. I wrote back and told him there would be no more charges because I had changed the card number and I was going to get a refund from the bank, the Wells Fargo Bank in Payson, Arizona. I was told by the bank this happens a lot in Russia."

Egghead.com spokeswoman Shoreen Maghame said the company couldn't find any information that Presson had previously reported a potential security-related problem.

"This is the first security breach that we're aware of," she said.

Even if none of the credit card numbers in question were stolen from Egghead's databases, analysts said the company still has to convince consumers that its site is safe.

"The important thing here is that if these people feel they were victimized [by shopping at Egghead.com] they will not patronize Egghead again, no matter what happens," said Eric Hemmendinger, an analyst at Aberdeen Group in Boston.

Mark Rasch, the former head of the U.S. Department of Justice's Computer Crimes Unit, said Egghead.com has to persuade people to use its site in the future.

"They have to put in effective measures right away to ensure the confidentiality [and security] of consumers' credit card numbers and other personal data," said Rasch, vice president of Predictive Systems, a New York-based network infrastructure consulting firm. "Egghead.com has a privacy policy that says they will do just that, so they are bound by law to do so."

In its statement, Sheahan said with the assistance of Kroll Associates, Egghead.com has taken additional steps to increase its security in order to reduce the possibility of any further security breaches.




RELATED STORIES:
Hospital confirms copying of patient files by hacker
December 15, 2000
Hacker steals huge credit card database
December 13, 2000
NASA hacker pleads guilty
December 6, 2000
MS, hacker secretive about meeting
November 22, 2000
Analysis: Home workers can imperil systems
November 7, 2000

RELATED IDG.net STORIES:
Hacking: All it takes is motivation
(SunWorld)
Europeans still wary of online card payments
(IDG.net)
Credit-card numbers exposed in extortion attempt
(Computerworld)
FBI completes rollout of corporate cybercrime program
(Computerworld)
The latest tidbits on security news
(SunWorld)
eTrue launches first biometric Internet service
(Publish.com)
Crossing the wireless security gap
(Computerworld)

RELATED SITES:
Egghead.com



Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top  © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.