Judging by the efforts they made to ensure the break-in wasn't made public, it would be obvious to me that they would make that claim. The article doesn't state that "no customer data was stolen" was a direct quote from Walmart. As their assessment was probably made on early evidence, and that evidence indicated that the attackers were after company secrets, not customer data, it probably suited their ninja lawyers just fine. Maybe the attackers went after the secrets b/c they couldn't get to the recently encrypted data... Or maybe they just wanted more data, however they had some serious cajones to try and reconnect 2 more times using other VPN accounts once they were stopped, whether they were in a foreign country or not... you'd think they would've just given up assuming they already had customer data ready to sell on the black market. -PJ
Date: Wed, 14 Oct 2009 09:26:11 -0400 From: [email protected] To: [email protected] Subject: Re: [Pauldotcom] How do they know?? Hopefully they log data access success and failures and send those logs to a centralized server. That's how I would make that claim. But I might say "all evidence indicates..." anyway. -- Dan McGinn-Combs Bert Van Kets wrote: I was just reading the story on the Wal-Mart attack in Wired : http://www.wired.com/threatlevel/2009/10/walmart-hack/ In the story they claim "no sensitive customer data was stolen". How can they be so sure? The story tells that the attacker got Admin privs, so access to all user accounts and passwords. IMHO they can encrypt all they want. It's game over. How can they make a claim that no sensitive data was stolen? Bert _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
