BreachExchange mailing list archives

Update to the Iron Horse Bicycle Classic breach


From: Erica Absetz <erica () riskbasedsecurity com>
Date: Fri, 3 May 2013 11:00:23 -0400

http://www.databreaches.net/?p=27550

Back in February, I noted that the FBI had been called in to
investigate a breach involving the Iron Horse Bicycle Classic.  A
number of those who signed up for the event had reported credit card
fraud.

Now lawyers for Iron Horse Bicycle Classic have reported the breach to
the New Hampshire Attorney General’s Office. Their report provides
some additional details on what the investigators found.

According to the statement, on March 1, IHBC learned that the server
they shared with other companies on an unnamed web host provider had
been attacked, and the attacker had been able to send information from
the server to an unauthorized address on the Internet.  Significantly,
the attack may have occurred as early as November 30, 2012.

Although IHBC notified registrants by e-mail on March 14, they first
mailed out letters in the last week of April. The letters informed
them that the attacker may have obtained their names, postal and
e-mail addresses, credit card information, and ages.

IHBC made some changes in how it handles payments, but surprisingly, in
light of known fraudulent use of information, did not offer registrants
any free credit monitoring services.

Of course, now I’m also wondering what other companies on the shared
server may also have been hacked or had PII compromised. I’m also
wondering what the unnamed web host provider is doing to prevent or
catch future attacks.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/