Breach at Security Vendor Shocks Industry

By Lisa Vaas  |  Posted 2006-01-09 Print this article Print

Security and law enforcement professionals are appalled that their personal information was leaked by Guidance Software.

Security and law enforcement professionals are appalled that their personal information was leaked by Guidance Software, a security software and training company they say should have known better than to leave an unencrypted database exposed on the Internet.

"I was shocked that a company like Guidance would be this sloppy," said Peter Garza, CEO of EvidentData, a computer forensics and network security company that counts itself among Guidances customer base. "My first response was that I was shocked they would have an unencrypted database that was accessible via the Internet," Garza said. "I would think any vendor that has a system connected to the Internet would be more responsible, but as a security company, [Id think] theyd be even more adept."

Guidance last month sent a letter to its customers advising them that on Dec. 7 it discovered a security breach on its customer records database. This wasnt your typical breach—this was a crime Guidance customers described as being of national security proportions. The database contained credit card numbers of some 3,800 people, including investigative professionals from the National Security Agency, FBI and CIA, as well as heads of law enforcement worldwide.

Guidance stated in its letter that it believed that the compromised database contained names, addresses, credit card numbers and expiration dates. Most troublesome was the exposure of credit card verification numbers, given that it is illegal to retain that data in the first place.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel