Over 200,000 compromised credit card details


Breach notification, missing card fraud, fraud management and cybercrime

Company says it is migrating to a different payment system, adding 2FA requirements

Prajeet Nair (@prajeetspeaks) •
January 1, 2022

US e-commerce site PulseTV recently revealed a data security breach involving more than 200,000 customer credit card details.

See also: How to improve your defenses with Security Analytics

In a notification letter shared with the Maine attorney general’s office, the company states that the information, including name, address, email address, charge card number, expiration date, and the card security code (CVV) provided during payment are compromised.

“On March 8, VISA informed us that our website (www.pulsetv.com) was a common point of purchase for certain unauthorized credit card transactions and that the website could be compromised. Shortly thereafter, We have performed malware scans, verified our security settings and cooperated with VISA inquiries, ”the company said.

A spokesperson for PulseTV was not immediately available for comment.

Progress survey

After an initial investigation, PulseTV said it had not found any outstanding compromises regarding customer credit cards, nor any complaints from customers regarding credit card transactions.

However, a few months later, law enforcement contacted the e-commerce company and notified them of other payment card breaches that appeared to be from pulsetv.com.

“We then started working with a legal advisor specializing in cybersecurity. The legal advisor also hired nationally recognized cybersecurity experts to assist with the investigation,” he said. “On November 18, 2021, our investigator learned that the website had been identified as a common point of purchase for a number of unauthorized credit card transactions for MasterCard.”

PulseTV says that after communicating with the card brands, it is believed that only customers who purchased products from the website with a credit card between November 1, 2019 and August 31, 2021 may have been affected, but the Investigators were unable to verify that the website was the cause of the unauthorized transactions.

“However, as a precaution, PulseTV is advising customers, including you, who have purchased products from our website during this time so that they can take steps to protect and secure their credit card information,” said the company.

PulseTV also announced the migration to a different payment system and the addition of two-factor authentication requirements for all internal devices. The platform plans to use endpoint detection and response tools to provide better network visibility and threat mitigation.

“We are also working with the payment card networks to keep them informed and to cooperate with the ongoing investigation of the incident by law enforcement. Finally, we are advising the appropriate state regulators of this incident, in accordance with our compliance obligations and responsibilities. The company said.

The company has warned customers, who purchased from the site between November 1, 2019 and August 31, 2021, to remain vigilant against fraud and identity theft and recommends that they regularly review their account statements and monitor free credit reports for any unauthorized activity.

“If you believe that your payment card information may have been compromised, we strongly encourage you to contact your payment card company and / or your financial institution and request the card to be canceled. You should report any suspected identity theft incident to your local law enforcement and state attorney general, ”the company said.

Skimming attack?

In April, Visa’s Payments Fraud Team reported that cybercriminals were increasingly using web shells to establish command and control of retailer servers during payment card skimming attacks. (see : Visa describes new skimming attack tactics).

Web shells allow fraudsters carrying out digital skimming attacks on e-commerce sites to establish and maintain access to compromised servers, deploy additional malicious files and payloads, facilitate lateral movement within the network a victim and execute commands remotely, Visa said.

The most common methods of deploying a web shell are malicious application plugins and PHP code, Visa reported.

Visa reached its conclusions after studying 45 digital skimming attacks in 2020. In February, Microsoft reported spotting 140,000 web shells per month on servers from August 2020 to January 2021, which it says is almost double the number for the same period the year before. These web shells, however, were not used for retail attacks.

Michigan State University last year in August said it was investigating how hackers stole credit card data from the school’s online shopping site on a nine-month period (see: University investigates credit card data skimming).

The skimming, which took place between October 2019 and June, appears to have affected around 2,600 customers at the university’s online store, shop.msu.edu, according to the school.


About Author

Comments are closed.