SEPTA suffered from a malware attack
An US transport authority has permanently closed their online store due to a malware attack. SEPTA (Southeastern Pennsylvania Transport Authority) shut down their online store (i.e. Shop.SEPTA.org) within an hour after discovering an incursion. The online store of SEPTA sold the online travel tickets, as well as the SEPTA-branded T-shirts and mugs.
The intrusion in shop.septa.org came to attention of Southeastern Pennsylvania Transport Authority, when the transport authority has been alerted about this attack on Jul. 16, 2019, by a customer who has received malware warning at the time of browsing the online shop.
According to the letters that were sent to the 761 customers who were probably victimized, the hack of the e-commerce site has resulted in theft of personal information including names, credit card numbers, and addresses, said Andrew Busch, a SEPTA spokesperson. The data that has been stolen from SEPTA's online store was made available on dark web, Busch added.
The thefts of personal information might have taken place in between Jun. 21, 2019, and Jul. 16, 2019, as per the notification letter of customers, and has been done through Magecart, the hacker group which skims the credit card information from the online shopping systems. However, the Southeastern Pennsylvania Transport Authority has waited till Sep. 5, 2019, to inform the customers affected by this attack.
The officials of SEPTA said that it has not been possible to catalog immediately the complete scope of this breach. Busch told the Infosecurity Magazine that "customers were notified as soon as SEPTA was confident that it had gathered accurate information regarding the individuals who were affected".
Southeastern Pennsylvania Transport Authority has followed the proper reporting protocols after the breach has been discovered, by notifying Pennsylvania Department of Transportation and the FBI.
Later, the US transport authority revealed about the permanent closure of their online store. Busch told the Infosecurity Magazine that the main reason for shutting their online store was to eliminate potential for any kind of additional customer information getting compromised.
Busch also confirmed that Southeastern Pennsylvania Transport Authority hasn't suffered any more attacks after closing of their online store.
» SPAMfighter News - 10/11/2019
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!