Obviously spooked by the incident, in which the hacker was caught red-handed, Egghead decided to inform the credit card companies and hand over 3.7 million customer credit card details, so that they could make the necessary security arrangements.
After the intrusion was detected, the company worked with a security consultancy to find out whether any of the records had been compromised. The online retailer now believes that it stopped the hacker in time.
"All this has done is speed our security process up," said company spokeswoman Shoreen Maghame, adding that the company had already budgeted for security enhancements this quarter. However, none of this will do anything to reassure a customer base that is still concerned about online security and privacy.
The real issue is that online retailers are putting revenue growth and market share above security, said Jonathan Gossels, vice president of US-based security consultancy SystemExperts and former director of business development for the Open Software Foundation. "Security is a low priority," he said. "Over and over again, we hear companies saying that they are growing too fast to make their sites secure."
The incident occurred almost a year after online retailer CDUniverse had 25,000 credit card numbers stolen from its site and posted on the Internet when it refused to give in to blackmail. Press reports of other such hacks have littered the news, and credit card companies such as Visa have issued zero liability guarantees to try and lure customers on to the Internet.
"Credit card companies are applying risk analysis while looking at the cost of transactions on the Web compared to paper transactions," said Gossels. He believes firms will shoulder some of the inevitable fraud on the Internet as long as it is offset by the reduced overhead associated with online transactions.
According to Gossels, a security audit for online retailers taking credit cards is out of the question, because there are very few online traders that could call themselves hacker-proof. For the time being, credit card companies are willing to take the risk - but if online revenues do not measure up in the long term, or if online fraud becomes too much of a problem thanks to careless retailers, then the situation may change.
Top e-commerce slip-ups
Common mistakes that SystemExperts has seen being made by companies doing business online:
Internet security resources
There are organisations that can help combat inadequate security and protect companies from infiltration. These include the System Administration, Networking and Security (Sans) Institute (www.sans.org), formed in 1989 as a forum to help share information about security issues. Sans runs the Global Incident Analysis Center, which detects new security threats and makes information about them available online.
The Cert Coordination Center, operated by Carnegie Mellon University (www.cert.org), is another information hub that circulates data about Internet security threats, while the Center for Internet Security (www.cisecurity.org) is a not-for-profit organisation with methods and tools to help secure networks.