BreachExchange mailing list archives

Poppin' Tags, Breachin’ Data


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 19 Oct 2015 18:00:47 -0600

http://www.bna.com/poppin-tags-breachin-b57982059611/

We still can’t get that crazy-catchy Thrift Shop beat of a couple of years
ago out of our heads. Rapper Macklemore had everybody thinking about
heading to the closest pre-worn clothes emporium to pop some tags--a kind
of hipster field trip step-up from the pursuit of dumpster diving chic.

Macklemore famously sang that he had “twenty dollars in my pocket” before
he headed off to the used clothes depot.  And using cash for his shopping
probably would have saved him from cybercriminals that recently targeted
credit card data from the America's Thrift Stores chain that operates at 18
locations in Alabama, Georgia, Mississippi, Louisiana and Tennessee.

Ken Sobaski, the company’s chief executive officer, said that a
malware-driven security breach had targeted software used by a third-party
service provider and that the cyberattack was traced to criminals from
Eastern Europe.

The CEO said the “U.S. Secret Service tells us that only card numbers and
expiration dates were stolen. They do not believe any customer names, phone
numbers, addresses or email addresses were compromised. This breach may
have affected sales transactions between September 1, 2015 and September
27, 2015.”

The company posted a FAQ on the breach which said the malware had been
removed and no longer posed a threat. It also said it had hired independent
forensic investigation company Sikich—which it noted is certified by the
Payment Card Industry Security Standards Council—to help it assess the
situation.

And the lessons learned? Even a humble thrift store may be the target of
cybercriminals and always use cash at the thrift store as it will both
protect your credit cards and prevent you buying too many Rayon Hawaiian
shirts. But you just might want to break out the card for that dogs playing
poker painting.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/