post #1 of 1
Thread Starter 
This just in...

--Vt. Ski Area Data Breach Resembles Hannaford Breach
(March 31 & April 2, 2008)
The Okemo Mountain Resort Ski Area in Vermont has issued an advisory
saying that an intrusion may have resulted in more than 46,000 payment
card transactions being compromised over several weeks in February.
Some Okemo data appear to have been stolen during the transaction
authorization process, as were the data in the Hannaford Bros. breach.
The intrusion may also have compromised information on more than 18,000
credit cards used in transactions during the first several months of
2006. A forensic review concluded that systems at two other resorts
owned by the same company did not experience intrusions.
[Editor's Note (Pescatore): These types of incidents, and the MSNBC/USA
Today/Miami > Dolphins compromised web server incidents, are showing
that there are a lot of compromised servers that are starting to be put
to active cyber crime use. Good time to do some spring cleaning (I guess
"fall pruning" if you are in the southern hemisphere) to make sure
critical systems don't have rootkit or bot client issues: Compare the
installed images against known good baselines, make sure all custom apps
have been tested for the web vulnerabilities that are commonly
exploited, etc.]

Good luck and check your credit card history...


Edit: They discovered it on 22 Feb but did not report it to the public until 31 Mar. Interesting how they managed not to report it until the season was almost over.