Flat, firewall-free network was a walk in the park, boffins say.[…]They say the casino lacked even basic firewalls around its payment platforms and did not have logging.

“It was a very flat network, single domain, with very limited access controls for access to payment systems,” Emmanuel Jean-Georges told the Cyber Defence Summit (formerly Mircon) in Washington DC today.

“Had this casino hotel operator had even minimal or basic protections in place like a firewall with default deny systems to limit access to PCI (payment) systems … it would have slowed down the attackers and hopefully set off red flags.”

Source: Jackpot: New hacking group steals 150,000 credit cards from casino

“It appears that the focus was to obtain contact information such as names, addresses, email addresses and phone numbers of current and former subscribers in order to send fraudulent solicitations.”[…]“As part of the investigation to date, we also determined that payment card and contact information for fewer than 3,500 individuals could have been accessed, although we have discovered no direct evidence that information was stolen,” the letter says. Those individuals are being contacted directly by Dow.

And if you believe that these details weren’t taken while they were in plain view (as well as their encrypted passwords) you’ll believe anything. I have a great deal on used camels for you.

Source: Dow Jones the latest big-name breach