Hosting.com Reveals Breach, Cites Law --- --- Online Security

Online Security, a global provider of computer forensics and information technology risk mitigation since 1997

Original Source: http://www.thewhir.com/marketwatch/hos031504.cfm

Hosting.com Reveals Breach, Cites Law
Prompted by a new California state law, Hosting.com (hosting.com), a Web hosting and Internet service division of Allegiance Telecom (algx.com), notified 4,000 hosting customers of a security breach that resulted in their usernames and passwords being exposed to the attacker(s), Security Focus reported late last week. The intrusion took place on March 3, 2004.

The new law, which took effect last year on July 1, requires companies to warn their customers of any security leak that exposes personal and critical information. "Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person," the law reads.

The company told Security Focus that the information exposed in the attack was not covered by the law, but Jerry Ostergaard, spokesperson for Allegiance Telecom, said that under the circumstances, notifying its customers of a potential problem was the right thing to do. The perpetrator reportedly accessed thousands of passwords to customer Web hosting accounts. Allegiance Telecom said it was particularly concerned about the many accounts running e-commerce operations.

Earlier last week, Allegiance Telecom, citing the new law, sent out a letter to 200 customers reporting a security breach to an e-commerce server. Ostergaard said the company is working to enhance security.

According to Netcraft (netcraft.com), Allegiance hosts approximately 30,000 active sites. Currently operating under chapter 11 bankruptcy protection, Allegiance Telecom was acquired last month by XO Communications (xo.com) for over $300 million.