Unknown criminals have stolen more than 500,000 data sets containing credit card numbers from registrar and hosting provider Network Solutions. Apparently, the criminals managed to inject special code, designed to intercept transaction data, into 4,343 Network Solutions hosted merchant websites.
The injected code appears to have been activated on March 12 and was not discovered until June 8. During the period in which the code was active, details of 573,928 purchases, from web sites using the Network Solutions infrastructure, were intercepted. Details of how the attackers penetrated the system have yet to be disclosed.
Laws in many US states requiring customers affected by such cases to be informed have created an organizational nightmare for many small shop operators; not least, because the laws governing such cases vary from state to state. Network Solutions has extended these operators a helping hand, however, offering to handle informing shop owners' customers for free through a company called Trans Union that specialises in such matters.
For customers whose credit card data was stolen, Network Solutions has offered to monitor transactions for suspicious activity for 12 months, free of charge. According to the company's information page, the offer only applies to customers located within the United States. It is still not clear whether customers in other countries have been affected. While the customer FAQ states that Trans Union will also inform foreign customers, the dealers' information page specifically mentions only "US-based customers."