New Breach Exposes Credit Card Details of 110K Customers

Hackers have broken into the website of New York tour company CitySights NY and stolen approximately 110,000 bank card numbers, according to news reports.

In a Dec. 9 breach notification letter published by New Hampshire’s attorney general, CitySights NY said the intruder had used an SQL injection attack on the company’s web server to upload an unauthorized script, which then allegedly compromised the security of the database on that server.

With an SQL injection attack, hackers find ways to insert real database commands into the server using the web by adding specially crafted text into web-based forms or search boxes that are used to query the back-end database, according to Networkworld.

In the CitySights NY incident, hackers were able to snatch names, addresses, email addresses, credit card numbers and their expiration dates, and Card VV2 codes.

CitySights NY’s parent company Twin America said it has taken several “important steps” to improve data security, including locking down access to its servers, installing an application firewall, and conducting an independent penetration test.

email
Filed in: Cloud Tags: , , , ,

You might like:

Serco Introduces UK-Based Cyber Training Program; Richard Preece Comments Serco Introduces UK-Based Cyber Training Program; Richard Preece Comments
NSA Adds NYU School of Engineering to Exclusive Cyber Security List NSA Adds NYU School of Engineering to Exclusive Cyber Security List
HP Looks to Extend Data Protection with Cloud, Encryption Solutions HP Looks to Extend Data Protection with Cloud, Encryption Solutions
Bill Stewart: Booz Allen Finds Cyber Attacks the Top Security Concern of Finance CIOs Bill Stewart: Booz Allen Finds Cyber Attacks the Top Security Concern of Finance CIOs
© 2535 ExecutiveBiz. All rights reserved.