I guess there is truth in the saying that the devil is in the details. If anyone ever tries to tell you that their product or service is 100% secure you have my permission to smack them with a large fish (not an actual permission slip). That being said, it is good to tackle the issues straight on when you’ve been hacked. In this case the storage manufacturer LaCie was breached by a nefarious third party who managed to set up shop on their internal network well over a year ago.
So, how did they know that they were breached? Well, apparently when the FBI came calling. That could not have been a comfortable conversation. I would have hated to have been in the shoes of the person responsible for network security at LaCie after that meeting.
LaCie rallied and brought in a forensics firm to go spelunking through the network to see what went wrong.
From LaCie press release:
Based on the investigation, we believe that transactions made between March 27, 2013 and March 10, 2014 were affected. The information that may have been accessed by the unauthorized person may include customers’ names, addresses, email addresses, and payment card numbers and card expiration dates. Customers’ LaCie website user names and passwords could also have been accessed, which is why we required a reset of all passwords.
In August 2012 Seagate announced that they had taken a controlling interest in Paris based LaCie. The French company continued to manage their own networks apparently.
So, what to do? Did you buy something from LaCie's online store in the last year? No? Then you're fine. Breathe into a paper bag. If you have be sure to check your credit card statements for erroneous purchases. This is a good practice to get into at any rate as a breach could happen anywhere and anytime.
What to do if you're a company in possible situation like this? Review your log files, intrusion detection systems and egress filtering. I know, it can be a dull exercise for an admin to comb through logs but, suck it up buttercup. You will thank me later.
The part that did stick out to be about the LaCie breach was that, unlike other companies that were breached in similar incidents, they offered no credit monitoring services to affected customers. They did however point to...free ones.
Is your company compromised? Assume yes and build from there.
(Image used under CC from Michael Sanger)