Alpha Software disclosure leads to confusion
A few days ago, Security Fix heard from a reader who received a breach notification so casual in tone that he asked me to verify whether it was for real.
Sure enough, Burlington, Mass.-based database application company Alpha Software Inc. recently told customers that a data breach had exposed their payment information. That fact was confirmed by similarly confused users posting to the company's online forum. The e-mail notice to affected customers reads:
November 9, 2009
We have been informed that there has been a security breach at the Internet Service Provider where our web site is hosted. This may have resulted in your credit card information being compromised. While it is entirely possible that your credit card information has not been stolen, in the interests of caution, we recommend that you contact your credit card provider to discuss what steps, if any, they recommend.
Going forward, we no longer store credit card information on our side. This will eliminate any risk associated with placing credit card orders on our site.
We thank you for your support and look forward to helping you build your businesses and organizations with Alpha Five Version 10.
Not only does the company straight away blame someone else for the breach, but there is also no apology or even a sense of remorse.
This is a bit like crashing into someone's car in a parking lot, and then leaving a note on the wrecked car's windshield saying "Gee, it looks like your car got messed up. That really stinks. You might want to have a mechanic look at it. Going forward, I'll try to pay more attention to those lines on the road. This will reduce the chances of your car and mine being in the exact same place at the same time."
I reached out to Alpha Software co-chair Richard Rabins by phone and e-mail, but for the past 10 days he has declined to respond to questions about the incident. Alpha Software did not identify the ISP or the source of the breach. I checked with Alpha's hosting provider, Web.com, to see whether they'd had a breach recently that might explain this. Roseann Duran, chief marketing officer at Web.com, said the company is unaware of any problems.
"There is no security breach at all in terms of how this account has been handled," from Web.com's end, Duran said.
She noted that Alpha has been a customer for a number of years, but that recently the company was unresponsive to several e-mail and snail mail notices stating that Web.com was getting ready to "migrate" or upgrade a number of Web servers, including at least one server holding some of Alpha Software's data (Duran couldn't say whether it was Alpha's payment data or not).
November 20, 2009; 1:15 PM ET