A hacker stole the credit card details of over 800 members of the IEEE (Institute of Electrical and Electronics Engineers) last December, according to its law firm.
A team of IEEE-appointed forensic investigators “concluded that a file containing customer credit card information had been deleted on or about November 17, 2010”, the institute's law firm told the Attorney General of New Hampshire in February [pdf].
The forensic team believed that 828 members’ credit card numbers, associated names, expiration dates and security numbers may have been accessed.
It discovered “certain vulnerabilities in the system”, but the IEEE had no proof that the exposed credit cards had been used to make fraudulant transactions, according to the letter.
But credit card details may not be what the hackers were after. The institute has many of the world's top engineers as its members, and is responsible for the 802.11 wireless networking standard.
Kaspersky Lab’s Threat Post blogger Paul Roberts, who broke the story, speculated that IEEE’s members could become “the targets of sophisticated phishing and social engineering attacks using stolen data.”
He added that holding such details ran against Payment Card Industry Data Security Standard (PCI DSS).
The IEEE's lawyers said the institute had alerted the FBI to the breach.
