WooThemes users notified of payment card breach, 300 reports of fraud

After about 300 cases of payment card fraud were reported within a few days, WooThemes, a provider of WordPress themes, began notifying users that three modified files were discovered on its server and that payment card data may have been intercepted during the checkout process.

How many victims? About 300 cases of payment card fraud have been reported. An email alert was sent to all 230,000 newsletter subscribers.

What type of personal information? Payment card data.

What happened? After about 300 cases of payment card fraud were reported, WooThemes began notifying users that three modified files were discovered on its server and that payment card data may have been intercepted in the checkout process.

What was the response? WooThemes brought on Sucuri to conduct a code and security audit, updated its SSL certificate, requested a full review by its host and payment gateway, and changed its payment gateway to an offsite payment method – PayPal Express. All 230,000 newsletter subscribers were notified and a message was posted on the website. An investigation is ongoing.

Details: Reports of fraud began coming in over the past three days. Fraudulent transactions occurred within the past five days. The actual transactions on WooThemes took place at the beginning of the year. Sucuri discovered three modified files on the WooThemes server that could point towards an attack, but it cannot be said that this is the reason for the breach.

Quote: “Without jumping to conclusions, and as already mentioned we do not store credit card details, so we believe this information was potentially intercepted in the checkout process,” according to the notification on the WooThemes website.

Source: woothemes.com, “Important information for all WooThemes Customers,” May 9, 2014.
