Security News > 2020 > November > Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach
The company's response was less than solid gold - it took months to notify its users of the breach.
In a notice sent to its online customers, the company said that it became aware of suspicious activity on its website on July 6.
The company claims on its website that it uses 256-bit SSL encryption, certified by DigiCert/Norton.
"Magecart attacks are notoriously difficult to detect because they target the client-side of websites," Ameet Naik, security evangelist at PerimeterX, told Threatpost, noting that taking five months to notice the skimmer is not unusual.
"Hackers inject malicious shadow code into the website scripts which runs on the users' browsers. Traditional server-side monitoring and security solutions don't have visibility into this client-side activity and are unable to stop such digital skimming attacks that lead to the theft of personal data from website users. This not only hurts the online business, but also exposes them to compliance penalties and liability."
News URL
https://threatpost.com/texas-gold-dealer-payment-data-breach/160846/
Related news
- Texas State Bar warns of data breach after INC ransomware claims attack (source)
- HPE notifies employees of data breach after Russian Office 365 hack (source)
- Fintech giant Finastra notifies victims of October data breach (source)
- US drug testing firm says data breach impacted 3.3 million people (source)
- US drug testing firm DISA says data breach impacts 3.3 million people (source)
- Background check, drug testing provider DISA suffers data breach (source)
- Data breach at Japanese telecom giant NTT hits 18,000 companies (source)
- PowerSchool previously hacked in August, months before data breach (source)
- Western Alliance Bank notifies 21,899 customers of data breach (source)
- Sperm donation giant California Cryobank warns of a data breach (source)