Lush hack let slip 5, 000 people's bank details (UK)

[Jeffrey Walton <noloader () gmail com>]

http://www.zdnet.co.uk/news/security-threats/2011/08/10/lush-hack-let-slip-5000-peoples-bank-details-40093664/

Outsiders installed code on Lush's website that intercepted banking
details — in what is known as a man-in-the-middle attack — between
October 2010 and January 2011, the UK data-protection watchdog said on
Wednesday.

"Hackers attacked and put a bit of code on the Lush website to siphon
off customer details," a spokesman for the Information Commissioner's
Office (ICO) told ZDNet UK. "The code allowed the hackers to get
information as people were putting [payment details] into the
website."

...
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/