Cornerstone Payment Systems, which processes payments for pro-life groups, churches, ministries and other organizations with a similar Christian bent, left a database unprotected, exposing 6.7 million records from 2013 until the present.
Information housed by the database included names, email addresses and physical addresses as well as card and merchant information, expiration dates and the last four digits of cards used in payment, according to a TechCrunch report. Transaction details, such as merchants, type of payment, times and dates are also stored on the database discovered by security researcher Anurag Sen.
Tustin, Calif.-based Cornerstone, which bills itself as “committed to separating ourselves from the industry through a commitment to Christ,” did not encrypt the database but seems to have used tokenization, the report said.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.