• Children's shoemaker Start-Rite confirms major security incident,

    From TechnologyDaily@1337:1/100 to All on Friday, November 15, 2024 14:15:05
    Children's shoemaker Start-Rite confirms major security incident, full customer details leaked

    Date:
    Fri, 15 Nov 2024 14:03:00 +0000

    Description:
    A misconfiguration on permissions leaked sensitive data on millions of Start-Rite customers.

    FULL STORY ======================================================================Start-Ri te notifies customers of a major data breach which saw credit card data exposed The details about the attackers are unknown at this time Users with purchases between October 14 and November 7 should scrutinize their bank statements

    Children's footwear brand Start-Rite has confirmed suffering a painful data breach in which it lost customer payment information.

    The company confirmed the breach in a message to affected customers, The Register revealed, however, not all details about the breach are known at
    this time, so we dont know who the attackers were, how many people were affected, or how the breach occurred.

    What we do know is that the incident happened between October 14 and November 7, as Start-Rite told customers in its data breach notification email. The information stolen includes full names - as seen on credit and debit cards - postal addresses to which the cards are registered, card numbers, expiry dates, and the CVV numbers. In other words - whoever took this information
    has everything they need to make online card purchases, commit wire fraud, identity theft , and more. NHS and friends

    "On 11 November, Start-Rite Shoes became aware that it had suffered a
    security incident via a third-party application code on www.startriteshoes.com," the company told The Register . "The breach potentially provided access to customer bank card information. The website is now secure and the malicious code and third-party app have been removed."

    The companys social channels, and its website, say nothing about the incident just yet, but Start-Rite advised customers to disable the cards and ask their banks for a new one, noting, "we would advise you to contact your bank or credit card provider and ask them to stop the card you used to pay us and issue you with a replacement. You may be able to do this immediately via your mobile banking or credit card app.

    The company also advised users to double-check all transactions from October 14 onward. If you do see anything which appears strange, you should contact your bank or credit card provider, tell them that you did not authorize the transaction, and ask for a refund. You may wish to provide them with a copy
    of this email to support your request.

    Given the wording of the statement, this seems to have been a credit card skimmer code installed on the companys ecommerce site, such as the one MageCart crooks used to drop. You might also like MageCart attacks return to target hundreds of outdated ecommerce sites Here's a list of the best firewalls around today These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/childrens-shoemaker-start-rite-confirms -major-security-incident-full-customer-details-leaked


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)