They have not even got half of anyone’s numbers in this case either. Our store installation is very very far from having basic standard security. We are even looking at services that could offer SAS70
Update:
Like I mentioned earlier, we knew where they went to get the information from, but after many hours of going through log files we also discovered what method they used to get in. Needless to say this has now been rectified. Actually rectified is very subtle in terms of what has been done. Let’s just say a portion of the store has been totally taken out. I have also put a process in place (for myself really) to stop anything like this happening in the future. I would like to tell you more about this but really I do not want to talk about security as this would open us up for areas of attack.
For those that believe we may not have been quick enough to deal with this problem or send out an email. We started investigating this within 30minutes of this happening in great depth and stopped it quickly by blocking certain areas. These measures where just temporary, as we still needed to find out what, how when, etc. This took some time and we felt we had to do this before sending out emails so we could be more correct. Once we had more information an email was sent and I got to work tracking down more details.
I would also like to say that Nick is trying to answer all your calls at present too but being a weekend just makes it harder. It seems like RC racers like ordering more in the winter
Thank You.