Personnel Today

CitySights card hack could generate PCI DSS fallout says Imperva

by Personnel Today 5 Jan 2011

Reports that the Web site of a New York-based tour firm has been hacked and around 110,000 bank card details lifted by hackers may have repercussions for the company on the PCI DSS front, says Imperva.

According to Amichai Shulman, chief technology officer with the data security specialist, the hack itself occurred via a SQL injection attack. In such an attack, the hacker gains illegal access to information in the database. According to media reports, the hacker launched the attack on September 26 and, over a three-week period, obtained over 100K credit card details, including the account number, expiration date and CVV2, along with other personally identifying information such as home and email addresses. Shulman’s team investigated this attack and found an Indonesian hacker’s blog listing numerous websites vulnerable to attack, including the site of CitySights. Interestingly, the blog entry was dated September 9th, more than two weeks prior to the initial attack campaign.

While this case clearly illustrates the security shortcomings the company suffered from, CitySights may also be in breach of the PCI DSS industry regulation. The PCI regulation, mandated by major credit-card processing companies such as Visa and Mastercard, defines the security controls required for the storage and processing of credit cards. It includes specific requirements regarding the storage of unencrypted credit card data and prohibits the storage of sensitive authentication data (CVV2) altogether.

The fact that the hacker was able to gain access to this data “may indicate that the firm’s data security practices are not aligned with PCI DSS requirements”, Shulman says.

The tour company offered a 50% discount voucher to its affected customers. Ironically, Shulman says, it posted the discount code online, making it, in short, available to anyone.

For more on the CitySights card database hack: http://bit.ly/fYK8Ro


© 2011 - 2022 DVV Media International Ltd
