[ISN] Hacker gains access to Bisons fans' Web data

InfoSec News isn at c4i.org
Wed Mar 15 03:23:02 EST 2006


News Staff Reporter
A computer hacker recently gained access to sensitive financial
information - including credit card numbers - on the Buffalo Bisons'
Web site, the team is warning its customers.

The Secret Service, with the assistance of the FBI, is investigating
the security breach, which occurred last month. So far, the Bisons say
they have no indication that the intruder has misused any of the
ill-gotten data.

The team has set up a toll-free number for people to call for more
information and has notified the four credit card companies that are

"We apologize for any inconvenience this situation has caused any of
our fans," the team said in a statement.

Choice One Online, which hosted the Bisons' Web site at the time of
the breach, said that it has hired the VeriSign global Internet
security firm to conduct its own investigation into the security

"VeriSign did confirm that we caught it early enough that damage, if
any, will be next to nothing," said Keith Radford Jr., director of
Choice One Online.

Employees of the Bisons and Choice One noticed the breach about Feb.  
13, according to the team and Radford.

An intruder got into the Choice One system and uploaded a program that
gave this person access to names, passwords, financial data and other
information collected from customers who ordered items through
Bisons.com, the Bisons said in a letter to customers.

The intruder accessed the information on the Bisons' Web site, the
Bisons said, but so far, there is no evidence that this information
was misused in any way.

The Bisons are cooperating in the investigation by the federal
agencies and by VeriSign, according to the team's statement.

The Bisons mailed out the letters to any potentially affected Web
customers shortly after learning of the breach, said Mike Buczkowski,
the team's general manager. He would not say how many customers might
have been affected.

The Bisons and Choice One changed their passwords and shut down the
computer servers that were infiltrated, and the team notified American
Express, Discover, MasterCard and Visa about the breach.

The Bisons are warning their Internet customers to monitor statements
from their financial institutions and notify their credit card or
debit card companies that their accounts might have been compromised.  
The toll-free number the team set up for customers is (800) 380-1447.

Choice One, a Buffalo Internet services company, said the VeriSign
investigation will show the full extent of the damage caused by the
breach, which Radford described as "minimal."

The company is beefing up its security measures in response to the
incident, he said.

Choice One and the Bisons no longer are working together, a move that
Buczkowski said is not related to the security breach.

The team last July began talking with Major League Baseball Advanced
Media about hosting the Bisons' Web site, he said, and the switch went
into effect last month.


More information about the ISN mailing list