Although stereotypes of lone hackers downplay their potential dangerousness, the largest case of compromised data suggests otherwise. In September 2004, a hacker employed an SQL injection attack on...

Although stereotypes of lone hackers downplay their potential dangerousness, the largest case of compromised data suggests otherwise. In September 2004, a hacker employed an SQL injection attack on Card Systems Solutions’ Web application and Web site to install hacking programs on computers attached to their network. The programs were designed to collect and transmit magnetic stripe data stored on the network to computers located outside the network every four days. As a result, the hacker obtained unauthorized access to magnetic strip data (i.e., customer name, card number and expiration date, a security code used to electronically verify that the card was genuine, and other personal information) of over 40 million individuals. As a result, the Federal Trade Commission filed a complaint against the credit authorization firm, alleging violations of the Federal Trade Commission Act.