Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Incident Response, TDR, Threat Management, Threat Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Cyberattackers may have personal information of shoppers

The personal information of an unknown number of customers of Major League Soccer's (MLS) online clothing store may have been accessed by cyberattackers last year.

Malicious hackers used SQL injection attacks between January and August of last year to possibly breach the personal information of's customers, which had been stored on the servers of a third-party vendor.

Although an unknown number of consumers were affected by the incident, Michael Sapherstein, MLS vice president and deputy general counsel, told New Hampshire Attorney General Kelly Ayotte that 169 of the affected individuals are residents of her state.

The cyberattackers may have accessed customer names, addresses, credit and debit card information and website passwords, Sapherstein said in a letter dated Feb. 1.

A SQL injection attack exploits a database-layer vulnerability in an application to access end-user information. Researchers at AVG warned last month of a SQL injection attack that, atone point, affected more than 70,000 websites, including several pagesof CA's site and destinations on the .edu domains.

In response to the breach, the professional soccer league has purged all passwords and terminated its relationship with the vendor, which was not named. The organization has also notified all affected online shoppers.

The attack was first reported Friday on privacy website

The league has offered affected individuals a year of free credit monitoring with Knoll Background America and has contacted the FBI, Visa, MasterCard and its credit card payment processor about the incident, according to Sapherstein's letter.

In a letter posted to the New Hampshire Justice Department's Consumer Protection and Antitrust Bureau website,MLS President Mark Abbott told end-users that they would have to create a new password when visiting

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.