IEEE suffers data breach

The Institute for Electrical and Electronics Engineers suffered a data breach last year that compromised credit card information of 828 people who registered for an IEEE conference.

The IEEE is notifying them that a breach on or about Nov. 17, 2010, resulted in a file containing customer information being deleted, according to a notification the IEEE's law firm sent to the New Hampshire Attorney General.

The letter says there's no proof fraudulent charges were have been made against any of the credit cards or even that the file was removed or copied from the system.

The breach was discovered in mid-December, and a forensics investigation revealed on Feb. 10 that the file had been deleted.

"Based on this conclusion it appears that an unauthorized person may have obtained access to credit card numbers and the associated names, expiration dates and security numbers for approximately 828 cardholders," the letter says.

The forensic investigation uncovered vulnerabilities in the system that have been corrected, the letter says. The IEEE notified the FBI about the case.

In a letter to those whose information was compromised, the IEEE describes the incident as a sophisticated network intrusion. It offers the victims a year's subscription to an identity-theft protection service.