BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Hackers Infiltrate Opening Ceremony's Online Boutique, Compromise Security

From: security curmudgeon <jericho () attrition org>
Date: Thu, 10 May 2012 11:57:53 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://blogs.artinfo.com/silhouettes/2012/05/09/hackers-infiltrate-opening-ceremonys-online-boutique/

By Ann Binlot
ARTINFO.com
May 9, 2012

We recently got hold of a piece of mail bearing bad news from the edgy 
boundary-pushing boutique Opening Ceremony stating that "a hacker placed 
malicious software on our website."

The letter -- dated May 4 and signed by Carol Lim, CEO and co-founder of 
the company -- says that the incident in question presumably took place on 
February 16. While the company took security precautions and removed the 
questionable software after the breach was discovered on March 21, it was 
more than enough time for the criminals to extract customers? private 
information.

     "Unfortunately, the hacker may have accessed the names, addresses,
     and credit card information of customers who purchased an item on
     our website during this period," reads part of the letter.

Opening Ceremony is currently working with data breach prevention and 
response specialist ID Experts to field questions and concerns from 
customers who may have been affected. ID Experts can be contacted at 
866-660-8617.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: