In the meantime, reactions are pouring in from customers and the information security community in general, some saying to prepare for the worst, and some brushing it off as a not-so-serious incident.
How the heck do they get away with having retrievable credit card details in their db? Once the CC# is in the database it shouldn't be retrievable.
How many places out there don't actually follow this simple rule?
Where I work we were worried that the banks may turn off our credit card processing facilities if we don't get PCI compliant. And that is maybe 1/40 of the customer base.
I am really puzzled - how does Vodafone get away with this in the first place? No audits?
That's what they invented Dvorak for....
Not sure if that was just supposed to be funny, but Slashdot only has its highest traffic rating in Bangladesh. Click on the Audience tab to find that 44.4% of all visitors are from the US. Bangladesh only brings in 1.1% of all visitors.
Interesting. That file is gone and so is Google's cached version. Just how much info was in that PDF?!
When you leave that company do a replace on the company name and make it the official policy of the new company.
In case you get an audit, match the auditors' requirements with your security policy and enhance it where it lacks, using the format of the template you brought along.
During the time of the audit, have signs up in the office, and revoke the CEO's and any other big shots'/pain-in-the-ass users' special privileges like having no password complexity, automatic timeout, etc.
When the auditors leave, relax and congratulate yourself on how you played your part in the whole accreditation/compliance/certification placebo crap.
On the other hand, if you really dislike a user, point out a random clause in the policy and have them fired for violating it.