Breaking news seems to be coming form the Twitterverse this morning.
It appears that the Auckland City Council’s parking machines were storing the credit card numbers of all cards entered into the machines and the database storing this data has been hacked.
There is a discussion going on here at Public Address: http://publicaddress.net/system/topic,2226,hard-news-a-bigger-breach.sm
There is no reason why after the transaction was processed for the council to store the credit card numbers unless they were using them as a form of tracking of people using the carpark, if this is the case they still should have never stored the credit card numbers, at a minimum a hash sum of the number would have worked. There appears to be much more to come on this story.
Update:
This just in from Mr A. Source:
Auckland City’s PCI certification is under serious review which will compromise their ability to carry out any credit card transactions. This will also potentially impact the new Auckland Council. Basically, internal systems at Auckland City have been compromised.
http://publicaddress.net/system/topic,2226,hard-news-a-bigger-breach.sm?p=142117#post142117
