Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Database
    • Networking
    • Storage

    IEEE Reports Breach of 800 Engineers’ Credit Card Data

    Written by

    Fahmida Y. Rashid
    Published March 31, 2011
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      The Institute of Electrical and Electronics Engineers has notified more than 800 of its members that their credit card and other personal information were stolen from a member database.

      The engineering society acknowledged the Nov. 17 breach to the New Hampshire attorney general on Feb. 24. Attackers may have obtained access to credit card information and the associated names for approximately 828 IEEE members, according to a letter IEEE sent to members.

      The November hack was described in the letter as a “sophisticated network intrusion” by a third-party. The draft form of the letter was sent to the New Hampshire attorney general’s office.

      The IEEE discovered the breach and reported it to the FBI in December, according to the letter. A team of forensic investigators identified which data were missing on Feb. 10. The team also found and fixed security vulnerabilities that allowed the attackers to penetrate the system, Nathaniel Akerman of law firm Dorsey and Whitney wrote in the letter.

      With over 400,000 members globally, IEEE claims on its Website to being the “world’s largest technical professional society.” Members work in varied fields such as aerospace, information technology, nuclear engineering, robotics and manufacturing.

      According to the letter, only one of the affected members was a New Hampshire resident, but New Hampshire’s mandatory breach-notification laws requires organizations to report all breaches to the attorney general’s office if it involves any of the state’s residents. There are similar laws in over 38 states.

      Maryland’s attorney general’s office has also been notified. The office declined to say how many affected members were Maryland residents.

      The IEEE had obtained credit card information for members when they had registered for an IEEE conference, the letter sent to affected members said. According to the letter, it appears that the card identification number (also known as CSC, CVC and CID numbers), the three-digit code usually found on the back of the card, was also among the information stolen. The stolen information included the credit card number, cardholder name, expiration data and the CID code.

      This raises some questions about IEEE’s data storage procedures. Storing the CID is a violation of the PCI DSS (Payment Card Industry Data Security Standard), under PCI DSS Requirement 3.2.2 as listed on the PCI Security Standards Council Website.

      The actual credit card number is also supposed to be stored as an encrypted value, such as a strong one-way hash or using strong cryptography, mandated by PCI DSS 3.4 requirement. It’s not clear at this time how IEEE stored the credit card numbers, but the CID information should not have been stored in the first place. Most organizations tend to ask for the code and use it for validating the transaction, but they do not save it in their systems.

      IEEE encouraged members to check their credit card statements carefully, cancel current cards and check their credit information. IEEE also offered a one-year subscription to LifeLock credit-monitoring service.

      It also remains unclear whether the attackers just hit IEEE looking for credit card information and other personal information, or if there was another motive. Many IEEE members work in sensitive industries and organizations.

      Fahmida Y. Rashid
      Fahmida Y. Rashid

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×