[ISN] DSW Shoe Warehouse Reports Customer Data Theft

[InfoSec News]

Forwarded from: Harlan Carvey <keydet89 at yahoo.com>

According to this article (and I'm not assuming that it's complete or
accurate), RV seems to think that a "hacker" broke in and stole data
for no other reason than credit card companies are reporting
fraudulant activity on customer's accounts...do others read this the
same way?  Do you take away the same thing from the article?

If so...investigations by the outside security firm and the USSS are
not complete.  So how do they know?  If the investigations aren't
complete, why are they saying something as definitive as that?  After
all, the statement seems to have come from their general counsel.

I guess one way to look at it is that by saying a "hacker" did it,
they can claim that this "hacker" was smart enough to outwit the
assembled forces within RV, and steal the data.  You know...like the
T-Mobile hack - the one involving the unpatched server that some
manager made the business decision to leave unpatched...


--- InfoSec News <isn at c4i.org> wrote:
> http://www.washingtonpost.com/wp-dyn/articles/A17831-2005Mar8.html
> 
> By Jonathan Stempel
> Reuters
> March 8, 2005
> 
> Retail Ventures Inc., Tuesday announced the theft of credit card and
> purchase data of customers at 103 of its 175 DSW Shoe Warehouse
> stores and said some fraudulent activity has been conducted since
> the theft.
> 
> The theft is the latest reported instance in recent weeks in which
> customers' personal data was stolen or lost. Other companies to
> report such problems include Bank of America Corp. and ChoicePoint
> Inc., where the thefts involved thousands of individuals' data.
> 
> Columbus, Ohio-based Retail Ventures said customer data was stolen
> mainly over the past three months, though it was unable to say how
> many customers were affected. It said it discovered the theft late
> last week.