’Tis the Season for Data Breaches…Again
Dec. 11, 2014
Data breaches rose to public consciousness last holiday season, when the infamous intrusion at Target took place, and they continued unabated all year. This year, another breach was acknowledged, this time at a mobile payment provider. Charge Anywhere, a South Plainfield, N.J.-based gateway provider that connects m-commerce merchants to their payment processors, released a statement confirming that malware had been found on its system and that unencrypted payment-card data may have been compromised.
“The investigation revealed that an unauthorized person initially gained access to the network and installed sophisticated malware that was then used to create the ability to capture segments of outbound network traffic. Much of the outbound traffic was encrypted,” according to the statement. “However, the format and method of connection for certain outbound messages enabled the unauthorized person to capture and ultimately then gain access to plain text payment card transaction authorization requests.”
In other words, the data was not always encrypted and the hackers were able to steal names, card numbers, expiration dates and CVV codes. The company, which has been investigating the intrusion since it was discovered nearly three months ago, claims it has only found evidence of compromised data between Aug. 17 and Sept. 24 of this year, but “the unauthorized person had the ability to capture network traffic as early as Nov. 5, 2009.”
Charge Anywhere has provided a searchable list of merchants that may have been affected by this breach.