WHID 2005-62: Guidance Software
3,800 customer credit-card numbers were stolen in the attack on the Guidance Software web site. The incident is all the more severe because Guidance Software is a provider of software for investigating security breaches, and many of its clients are security and law enforcement agencies, some of which are known to have been affected.
As usual in such cases, the actual way in which the information was stolen was not disclosed. A Federal Trade Commission report on the incident, published only in 2007, revealed that the incident was the result of an SQL injection attack on Guidance servers. In a settlement with the FTC, Guidance agreed to implement a comprehensive information security program, including independent, third-party audits every other year for the next ten years.
Additional information:
- United States Of America Federal Trade Commission In The Matter Of Guidance Software, Inc. [Federal Trade Commission, Apr 1 2007]
- Guidance Software Investigating Stolen Data [Internet News, Dec 20 2005]
- FTC Approves Final Guidance Settlement [Internet News, Apr 3 2007]