Baum’s World

Batteries.com—Security Breach

Posted by: Solitary Dancer on: May 24, 2009

I know this is kind of off topic but I also believe our identities and credit are a worthy topic.  I have bought batteries in bulk at Batteries.com and just received a letter about a security breach.

Batteries.com had a security breach in February.  All personal and credit information was hacked for a period of a couple weeks.

You should have gotten a letter from them.  But if you did business with them, at any time, I would contact them and see if they will give you a free two year membership to Triple Alert.

Also, make sure you put a fraud alert on your credit report and pull copies of your report.

Here’s some info on what happened

Batteries.com Fraud Prevention

A message from batteries.com

Batteries.com sincerely apologizes for any inconvenience the recent security breach has caused you. We want to assure you that we take exposure of customer information seriously and are committed to protecting the confidentiality of our customers’ private and sensitive information. We recognize the inconvenience associated with the compromise of your information.

We are committed to helping you deal with this situation and encourage you to take advantage of the protections the company made available to you as outlined in your letter. There also are other measures you can take to ensure protection of your personal information which are discussed below.

We at Batteries.com hope these Frequently Asked Questions, and the steps we are taking to protect your personal information, are helpful.

If you have any further questions regarding this incident, please call the Experian Call Center at 1-888-829-6553.

FREQUENTLY ASKED QUESTIONS (FAQs)

I. Background

  •  What happened?

An individual or individuals illegally “hacked” into a Batteries.com server, resulting in the exposure of name, address, and credit card information belonging to customers which was collected through Batteries.com’s website.

   •  When did this happen?

We believe the hacker(s) illegally accessed Batteries.com’s server starting on February 25, 2009 and for a period of several weeks. The access diminished significantly on or around March 17, 2009, when we took certain enhanced data protection measures, and by April 9, 2009, the access was terminated.

   •  When did Batteries.com learn of the incident?

We first learned of the potential exposure to the server on March 13, 2009, when a customer reported to the company potentially unauthorized activity regarding a credit card account.

Because Batteries.com takes any report regarding the potential exposure of sensitive information seriously, we opened an investigation and put in place a series of measures to prevent further exposure of customer information and this type of hacking from occurring in the future.

Further, the company began working with internal and external forensic experts to ascertain what happened and who may have been affected.

   •  What information was exposed?

Batteries.com, with the assistance of internal and external IT and forensic experts, has conducted a thorough forensic review to determine the circumstances of this attack and those impacted. As a result of this review, we believe that the categories of information exposed were limited to names, addresses, and credit card information.

   •  Have there been any reports of unauthorized or fraudulent use of credit card information in connection with this incident?

As of April 25, 2009, a small number of Batteries.com customers had contacted the company to report potential unauthorized activity regarding their credit card accounts.

The company notified law enforcement of this incident and is working with them to identify those responsible.

We also have notified the major credit card companies (i.e., American Express, Discover, Mastercard and Visa).

   •  What data security did Batteries.com have in place at the time of the incident?

Batteries.com had a number of security measures in place at the time of the incident, including firewalls and antivirus protections.

   •  What steps did Batteries.com take in response to this incident?


Happy Easter

Posted by: Solitary Dancer on: April 12, 2009

Picture Credit: WikiMedia

Reflections on Lessons

Posted by: Solitary Dancer on: April 5, 2009

In beginning to read this book, I am taking the time to digest each lesson and see how it applies to me, my team and our company.  Learning the best practices and comparing this to the shortcomings from many other companies should lend itself to creating my own Best Practices for Software Testing.

Right off, with Lesson 2, I’ve found that some companies don’t see the value or even understand good testing practices.

Testing should be a project and not just an afterthought that you “fake” your way through because a release is scheduled to go out in one day and you just received items for testing. 

Don’t promise that a release will be held up because testing is not complete nor thorough.  That’s a nice goal and it sounds good but it’s not the reality. Releases go out on schedule because of client demand.  Testing is barely done and when it’s done it’s lacking.

Some testers have experienced lack of time and support to do a really good job of testing new functionality.  Not only ridiculous time constraints, but there are testers that have been up against developer push back and zero unit testing.

The problem? In some companies there is no official testing group.  There is no testing manager and there is no accountability.  Software testers have been assigned to teams and report to Developers.  Well, since developers don’t get it, this model will fail.

Given this, you can easily see why some companies cannot and do not:

  • Certify that the product meets a particular standard
  • Assure that the test process meets accountability standards

So, what does this mean for me?  I think the first thing we, as testers, need to stress is the product standard.  What is it?  How do they think we will reach that standard?  How much testing do they really think it will take to meet the Gold standard?

So testers, keep sending me your thoughts on the testing process and the problems you encounter.

Lacking Quality

Posted by: Solitary Dancer on: March 31, 2009

I am so glad I ordered this book.

Lessons Learned in Software Testing

I am working on a test script that can be used by our support team in another country.  This needs to be an extensive and detailed script. 

In order to do this I needed details on a major change in functionality. The team responsible for this change and the testing of the change directed me to our test repository.

I found the test and just sat and stared at this piece of $hit.  I was shocked.  The test was not complete, did not give expected results and could not be used by anyone that was not intimately familiar with the functionality.

Now, I am predicting serious problems with this new framework.  This was the most pathetic attempt at a test script I’ve ever seen.  Funny thing.  This script was written by a Senior Quality Engineer.

Scripts like this are an embarrassment to us, as a company. 

Hopefully, my book selection will guide me to create a better set of standards.

I can’t change the company but I can change my team.

Currently Reading

Posted by: Solitary Dancer on: March 29, 2009

Thought I would share a good read with you.  This is an excellent resource. I am reading this with the mindset of creating a “Best Practices” program.

 

Lessons Learned in Software Testing
