New Breach Exposes Credit Card Details of 110K Customers

Hackers have broken into the website of New York tour company CitySights NY and stolen approximately 110,000 bank card numbers, according to news reports.

In a Dec. 9 breach notification letter published by New Hampshire’s attorney general, CitySights NY said the intruder had used an SQL injection attack on the company’s web server to upload an unauthorized script, which then allegedly compromised the security of the database on that server.

With an SQL injection attack, hackers find ways to insert real database commands into the server using the web by adding specially crafted text into web-based forms or search boxes that are used to query the back-end database, according to Networkworld.

In the CitySights NY incident, hackers were able to snatch names, addresses, email addresses, credit card numbers and their expiration dates, and Card VV2 codes.

CitySights NY’s parent company Twin America said it has taken several “important steps” to improve data security, including locking down access to its servers, installing an application firewall, and conducting an independent penetration test.

Filed in: Cloud Tags: , , , ,

You might like:

Bill Stewart: Booz Allen Finds Cyber Attacks the Top Security Concern of Finance CIOs Bill Stewart: Booz Allen Finds Cyber Attacks the Top Security Concern of Finance CIOs
US Banks Take Part in Cyber Attack Preparedness Drill US Banks Take Part in Cyber Attack Preparedness Drill
Intelligent Decisions, Wave Form Cloud and Cybersecurity Team; Harry Martin Comments Intelligent Decisions, Wave Form Cloud and Cybersecurity Team; Harry Martin Comments
Unisys Unveils Mobile Services Software for CSPs; Steven Chuey Comments Unisys Unveils Mobile Services Software for CSPs; Steven Chuey Comments

Leave a Reply

Submit Comment

© 2014 ExecutiveBiz. All rights reserved.

A Digest of ExecutiveBiz's Daily Coverage of GovCon

  • Executive Analysis
  • Technology & Innovation
  • Business

Sign up for the ExecutiveBiz Digest