Dear Sir: Your Credit Card Number Has Been Owned

An anonymous reader submits: "California has become the first state in the nation to require companies victimized by malicious computer attacks to disclose what might have been compromised to their customers. Dubbed the Security Breach Information Act, companies whose systems are cracked and have credit card, bank account, and/or other significant customer data stolen are required to report the intrusion either by email, snail mail, a notice on their website, or by notification to the news media. Law takes effect Tuesday, July 1 (tomorrow)."

"Update:"

[shawnywany]

"All your base is now belong to them."

MS Bank v1.1

for i in `select * from users`; do
/usr/sbin/sendmail $i.email < sorry.txt
done

Re:MS Bank v1.1

apparently MS Bank runs on unix. in a bash shell...

right... sher...

Security Breach

"Umm, I would send out notices, but it appears that the crackers overwrote the mailing addresses of our entire userbase with 123 Sesame Street."

tonight....

[cdf12345]

guess we know what state hax0rs will target tonight, trying to be the first to make a company "go public"

way better that IPO'S!

a notice on their website?

[itallushrt]

Does anyone actually expect american express or a similar large company to post publicly on thier website that they were 0wnz3rd?

If so are they going to post a list of everyone who's information was possibly lifted?

I can just see the conversation on 1337 IRC chans

[Pento]

(Translated to English, for readability purposes only.)

1337 h4xxor> The company I broke into published it in the morning newspaper!!!1!1!
5kr1p7 k1dd13> That's nothing!1!! I made the evening news!11!!!1!1

Correction: 0wnx0r3d

[dupper]

Aha, spelling Nazis, now the shoe is on the other foot!

What's worse?

[MoeMoe]

companies whose systems are cracked...are required to report the intrusion either by email, snail mail, a notice on their website, or by notification to the news media.

Now I'm not sure what I should be more afraid to find in my email, this or spam....

Law takes effect Tuesday, July 1 (tomorrow)."

[djupedal]

Increased costs take effect Wednesday, July 2 (the day after the day tomorrow).

Re:I Remember when...

[frodo+from+middle+ea]

Exactly, I mean think of all those slashdot users, who had stored their credit card numbers on slashdot.

Need another law

Informing customers prior to account signup/transaction about whether or not information prone to identity theft is to be entrusted to some third world nation.

I definitly want to know who I'm doing business with.

MOD PARENT DOWN : -1, IDIOT DUMBASS

AC IDIOT

I'm curious...

[mabu]

Do you think that a little "This site powered by Windows 2000" icon on the bottom of the page be considered appropriate notification?

Re:Moving Out Of California

degree in CS?.... Find work??.... HHAAAA HAHAHAHA AHAHA

Thats a good one!

BUSINESS PLAN

[goon+america]

This is just an attempt to sell Microsoft a lot of stamps.

Gray Davis Angriest at these Thefts

[org.earth.Citizen]

Between the time the company notifies you and you receive your new card in the mail, that's damn near 14 days of sales tax he can't collect on purchases you might make

Bad/no credit to the rescue!

[Kyn]

The _only_ sure-fire way to prevent getting your CC# stolen is to not have a CC to start with. But that still doesnt protect you from identity theft as someone can open a card in your name if they have your SSN from somewhere.

Ha! Finally, having bad/no credit is advantageous! They'll never be able to get a card in my name! Bwahaha!

Re: sorry.txt

Dear Sir

Our main server (Windows 98) was hacked this morning. Our database (MS Access 97) has been compromised. Our security supervisor (MS Bob) was not able to detect the intrusion in time.

Please excuse us: here are the data that has been compromised, we recommend you to change it...

You name
SS number
Credit card number
phone number
email

We would like you to know that, due to this attack, we upgraded our system. We now use Windows ME and Office XP

Thank you for you attention...

But I thought information wants to be FREE!

[goldspider]

This is NOT theft! There was no loss of property, and therefore no financial loss either!

These credit card numbers weren't 'stolen', they were LIBERATED!

OT, but worth a laugh

[Anonymous+Brave+Guy]

Can you just bury it somewhere on the website which is the equivalent of a disused lavatory in an unlit basement with no stairs and a sign on the door saying "Beware of the Leopard"?

While on holiday in the Lake District a while back, some friends and I were going up to the top of Scafell Pike, the highest point in England. One of the paths was particularly treacherous, very steep and with lots of stones that slipped under foot. (Not good for those of us uncomfortable with heights!) After a few hundred metres, we got to the top of the path, only to find a sign there, facing toward anyone who was about to go down it.

It said, "Danger of death! Path under reconstruction! Keep off!"

We were suitably impressed. :-)