The Canadian online pharmacy PlanetDrugsDirect is notifying customers of a data breach that exposed both payment and personal health insurance. In an email obtained by Bleeping Computer the bargain online retailer said exposed data could include name, address, email, phone number, medical information (including prescription) along with payment card data. The company does not believe…
A researcher has discovered a pair of new Magecart-style web skimmers, each one featuring an evasion technique that’s not typically employed by this breed of malware: steganography and the transfer a data via the WebSocket protocol. The researcher, who uses the handle @AffableKraut, posted his two findings on Twitter last month, prompting the team from…
The Houston-based steakhouse, restaurant and hospitality company Landry’s, Inc. has advised customers of a point-of-sale malware attack that stole payment card data from an order-entry system used to process kitchen and bar orders. According to a company breach notification, Landry’s food and beverage locations typically use point-of-sale terminals featuring end-to-end encryption technology that protects the…
Wawa convenience stores is reporting a massive data breach that impacted payment card transactions potentially at all of its 800 locations. Malicious actors managed to place malware on Wawa’s in-store and fuel pump POS systems starting on March 4, 2019 with all of its stores most likely being compromised by April 22. The company discovered…
An unsecured database operated by the online retailer LightInTheBox left 1.3TB of data containing 1.6 billion shopper records exposed for a three-month period this year. In what the breach discovers VPNMentor described as a major lapse in LighInTheBox’s data security and potentially devastating to the victims exposing them to not only a cyberattack but potentially…
The e-commerce website of weapons manufacturer Smith & Wesson has been targeted by a Magecart payment card-skimming group that’s been using lookalike domain names to impersonate payment anti-fraud company Sanguine Security. The Smith & Wesson website was compromised with a JavaScript-based skimmer last Wednesday, Nov. 27 – in time to steal card information for any…
Church’s Chicken suffered a cyberattack that penetrated the payment processing system at some of the chain’s corporate locations compromising payment card information. The company operates 941 locations across the United States, but in a statement noted only 165 of those, all owned and operated by the corporation, were impacted. Payment card numbers, names and expiration…
Fifteen months after DiBella’s Old Fashioned Submarines was notified by the FBI and credit card companies of a data breach the sandwich shop chain has issued a notice informing its customers of the incident. The company reported its stores in Connecticut, Indiana, Michigan, Ohio, New York and Pennsylvania may have had the information on as…
The Catch Hospitality Group is notifying customers of its New York City restaurants of a POS malware incident that may have compromised their payment cards. Catch NYC (including Catch Roof) and Catch Steak had payment card skimming malware injected into the POS systems in use at the restaurant bars that searched for track data which…
Home goods retailer Bed Bath & Beyond yesterday disclosed in a Securities & Exchange Commission 8-K filing that an unauthorized third party illegally accessed one percent of its online customers’ accounts. The online intruder acquired the account emails and passwords from a “source outside the company’s systems,” the Union Township, N.J. retailer reported. Based on…
