in

New Breach Exposes Credit Card Details of 110K Customers

Hackers have broken into the website of New York tour company CitySights NY and stolen approximately 110,000 bank card numbers, according to news reports.

In a Dec. 9 breach notification letter published by New Hampshire’s attorney general, CitySights NY said the intruder had used an SQL injection attack on the company’s web server to upload an unauthorized script, which then allegedly compromised the security of the database on that server.

With an SQL injection attack, hackers find ways to insert real database commands into the server using the web by adding specially crafted text into web-based forms or search boxes that are used to query the back-end database, according to Networkworld.

In the CitySights NY incident, hackers were able to snatch names, addresses, email addresses, credit card numbers and their expiration dates, and Card VV2 codes.

CitySights NY’s parent company Twin America said it has taken several “important steps” to improve data security, including locking down access to its servers, installing an application firewall, and conducting an independent penetration test.

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Government Cloud

mm

Written by Admin

Obama's No. 2 Tech Guru Resigns to Rejoin Private Sector - top government contractors - best government contracting event
Obama's No. 2 Tech Guru Resigns to Rejoin Private Sector
Cyber Pros Go Gov: OPM to Create Cyber Career Track? - top government contractors - best government contracting event
Cyber Pros Go Gov: OPM to Create Cyber Career Track?