BreachExchange mailing list archives
Poppin' Tags, Breachin’ Data
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 19 Oct 2015 18:00:47 -0600
http://www.bna.com/poppin-tags-breachin-b57982059611/ We still can’t get that crazy-catchy Thrift Shop beat of a couple of years ago out of our heads. Rapper Macklemore had everybody thinking about heading to the closest pre-worn clothes emporium to pop some tags--a kind of hipster field trip step-up from the pursuit of dumpster diving chic. Macklemore famously sang that he had “twenty dollars in my pocket” before he headed off to the used clothes depot. And using cash for his shopping probably would have saved him from cybercriminals that recently targeted credit card data from the America's Thrift Stores chain that operates at 18 locations in Alabama, Georgia, Mississippi, Louisiana and Tennessee. Ken Sobaski, the company’s chief executive officer, said that a malware-driven security breach had targeted software used by a third-party service provider and that the cyberattack was traced to criminals from Eastern Europe. The CEO said the “U.S. Secret Service tells us that only card numbers and expiration dates were stolen. They do not believe any customer names, phone numbers, addresses or email addresses were compromised. This breach may have affected sales transactions between September 1, 2015 and September 27, 2015.” The company posted a FAQ on the breach which said the malware had been removed and no longer posed a threat. It also said it had hired independent forensic investigation company Sikich—which it noted is certified by the Payment Card Industry Security Standards Council—to help it assess the situation. And the lessons learned? Even a humble thrift store may be the target of cybercriminals and always use cash at the thrift store as it will both protect your credit cards and prevent you buying too many Rayon Hawaiian shirts. But you just might want to break out the card for that dogs playing poker painting.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Poppin' Tags, Breachin’ Data Audrey McNeil (Oct 20)