Quote:
Originally Posted by Ashikabi
Ft86 speed factory probably didn't know until the claims started rolling in
This. A lot of breaches go unnoticed until one of the credit reporting agencies or the credit card companies notices that a bunch of people making fraudulent charge claims have made purchases at one common retailer.
At that point, the retailer gets notified and has a certain amount of time to investigate and remediate (usually hiring a third party consulting firm) as per PCI standards. They have to identify all affected customers, and then notify them AFTER they're confident they have all the names. At that point they also get fined based on how many card numbers were compromised.
Usually they're not allowed to, or are advised against, sending mass notifications that their site is breached immediately since that tips off the attackers as well and makes investigations harder.