A subsidiary of the California Association of Realtors suffered a data breach that exposed user information for a two-month period earlier this year.
The subsidiary, Real Estate Business Services (REBS), said malware was injected into the organization's online payment system at store.car.org and was active between March 13, 2017 and May 15, 2017, according to the San Diego Union Tribune. REBS sells educational material, products and forms to the association's members.
The compromised data included the user's name, address, credit card number, credit card expiration date and in some cases CVC code, REBS said in a letter, the Union Tribune reported. The group did not say how many people may have been affected.
REBS said the malware has been removed and the group has moved to a new payment system that uses PayPal.