Cyberattack $45 million stolen

How can this happen? I guess PCI DSS is not working, although it is the prepaid debit card companies themselves that have been exploited. Apparently they are less secure than other financial institutions? But are they not financial institutions per se themselves?

They are not naming the Visa and Mastercard prepaid card companies in the US that were compromised. I wonder why 😉

I find it amazing that after the first attack in December, that there was an identical one in February. It seems to be that the ring leaders were caught, but what about all the hackers sitting behind this operation? I am sure they are still out there hacking away and getting away with it.

One Reply to “Cyberattack $45 million stolen”

  1. This comment came as a private message in FB …
    “I was about to comment on your blog but decided to write here instead.
    Someone was hacked and lost cardholder data. And you make the conclusion that PCI DSS is not working. I heard that someone died while driving a car, so seatbelts must then also be useless.” Niklas Borselius

    Niklas is clearly correct. We can’t blame PCI DSS for this, I worded it quite badly. What I wanted to state was that compliance per se does not make us secure, it just proves ‘due diligence’ nothing more.

    Often my experience has been that the ‘blanket approach’ to security, i.e. spending $M on security technologies, controls across the whole organization does not work. Alternatively to just prove ‘due diligence’ everywhere doesn’t work either. I am normally asking the question when invited to evaluate a client environment, “do we really need to spend all this money, which Line of Businesses (LoB) can ruin you if the confidentiality, integrity of the data is compromised? Where in your business do you need to only demonstrate ‘due diligence’?”

    Mapping security spend to the LoB need is key in order to ensure that the strongest security controls are implemented exactly where it will hurt when there is a breach.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.