December 26, 2000 4:55 PM PST

Egghead tight-lipped about hack investigation

Four days after hackers broke into Egghead.com, potentially exposing all of the company's 3.7 million customer accounts, the company declined Tuesday to share with customers the results of its ongoing investigation.

Representatives for Egghead and its outside security consultant, Kroll Worldwide, said that while they have continued to gather information about the breach, they have no updates on how hackers were able to break into Egghead's systems or on how many customer accounts were compromised.

"We don't have all the facts completely nailed down," Egghead spokesman John Stodder said. "That's stuff we'll talk about when we have it all figured out.

"I don't want to say that they don't have a lot more information; they do," Stodder said. "But there's nothing I can talk about."

A representative for Kroll Worldwide, which Egghead brought in to assess the breach, declined to offer specifics, saying only that there should be an update within a "couple days."

"We can't share anything on this today," said Lee Curtis, a spokesman for Kroll.

Earlier this month, hackers broke into Creditcard.com and downloaded 55,000 credit card numbers. The FBI is investigating the incident.

Egghead sent an email to customers last weekend stating that "a hacker has accessed our computer systems, potentially including our customer databases." But the email added, "While there is no indication that any customer information has been compromised, as a precautionary measure, we have taken immediate steps to protect you by contacting the credit card companies with whom we work."

Customers whose credit card numbers are fraudulently exposed online shouldn't have to pay bogus charges. Most major credit card companies have fraud protection programs for consumers that absolve them of all charges. Previously, consumers were liable for up to $50 of bogus charges, but American Express, MasterCard and Visa International now guarantee that consumers will not have to pay any fraudulent charges.

Last week, Egghead shared its customer information with credit card companies to help them monitor customer accounts for potentially fraudulent charges. In a statement, MasterCard said that it had notified banks about the potentially affected accounts.

"We want to remind our members and their cardholders that technology is currently available which could prevent this type of crime," MasterCard said in a statement Tuesday. "MasterCard's rules require that merchants securely encrypt cardholder information, including card numbers so that theft cannot occur.

"In addition, MasterCard has published and made available to its members 'Best Practices' for electronic commerce merchants in order to guide them in securing this information."

Representatives for MasterCard and American Express declined to say how many of their customers may have been affected and whether any fraudulent charges had been made on their accounts.

Representatives for Visa and Discover did not return calls seeking comment.

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.