Evan Schuman and Fred J. Aun have a well-written commentary on the recent indictment of Albert Gonzalez and two unnamed co-conspirators that highlights the questions left unanswered by the indictment, and the apparent contradictions between statements made. As one example, they write:
For example, 7-Eleven is a new name in the breach circle, and the indictment said that the $54 billion convenience store chain’s POS network files were directly—and successfully—attacked. In August 2007, “7-Eleven was the victim of a SQL injection attack that resulted in malware being placed on its network and the theft of an undetermined number of credit and debit card numbers and corresponding card data,” the indictment said.
But a statement that 7-Eleven issued on Tuesday (Aug. 19) tells a very different story. The 7-Eleven statement said that “affected transactions were limited to customers’ use of certain ATMs, owned and operated by a third party, located in 7-Eleven stores over a 12-day period from October 28, 2007, through November 8, 2007.”
That’s a very key difference, given that third-party ATM data—from machines that essentially leased space from various stores—would never be in the possession of 7-Eleven.
Read more on StorefrontBacktalk.