PCI Compliance and the Advanced Automotive Parts Breach April 11, 2008
Posted by Jonathan Gatrell in News.Tags: Breach, compliance, PCI, Security
trackback
Evan Shulman’s headline summary of the most recent breach of Advance Automotive Parts and customer credit card information includes purchase information from 2001 says it all:
Unencrypted customer credit card information dating back to 2001 was among the customer payment data stolen from as many as 56,000 customers of Advance Auto Parts, according to one company official, who added that the chain is not PCI compliant.
This is yet another example of sensitive data leaking into the wrong hands due to lack of compliance. Data at rest continues to be a consistent problem for businesses. If you are moving sensitive data throughout your enterprise or outside of the enterprise it is important you have the right governance and security (authentication and encryption) in place to support the needs of your business to avoid these types of issue.
