Web.com, the provider of web solutions to small businesses, has “reported that it discovered an unauthorized breach of one of its computer systems on August 13” and is notifying “approximately 93,000 customers” that their credit card information may have been compromised.
In its Security FAQs, Web.com explains that “the credit card information of approximately 93,000 customers (of the company’s over 3.3 million customers) has been compromised, including the name and address attached to these credit cards. Importantly, the card validation codes were not compromised, and no other customer information was accessed.”
Web.com is unaware of any misuse of the stolen information.
Best-practice information security
As Web.com notes, “cybercrime is a persistent threat in today’s world. Despite our best efforts, no business is immune.” Organizations that want to do their best to protect their customers’ information against cyber attacks would do well to invest in best-practice information security solutions.
The international standard ISO 27001 sets out the requirements of an information security management system (ISMS) – a best-practice approach to information security that encompasses the entire organization, and addresses people, processes, and technology.
The external validation provided by accredited ISO 27001 registration will improve an organization’s cybersecurity posture while confirming to stakeholders, suppliers, and staff that best practices are being employed. Moreover, companies often achieve compliance with a host of legislative frameworks – including state data breach notification laws and federal regulations such as FISMA, the GLBA, HIPAA, and SOX – and international standards like the PCI DSS simply by achieving ISO 27001 registration.