Tag Archives: CVV numbers

Breach Brief – Macy’s, Adidas

Macy’s department stores has reported a data breach of customer data. The breach affects Macy’s online customers and exposed names, addresses, phone numbers, email addresses, birthdays, and credit and debit card numbers with expiration dates. Macy’s pointed out that it does not store credit verification values (CVV) or Social Security numbers in its online customer profiles. Macy’s has reported the data breach and exposed card numbers to payment processors Visa, MasterCard, American Express and Discover. Macy’s has not said how many customers are impacted.

According to Macy’s the breach took place between April 26 and June 12. The company reported that an “unauthorized third party” had obtained usernames and passwords and were able to log into Macy’s and subsidiary’s Bloomingdale’s shopper’s online profiles. It is not known how the hackers got the information. Macy’s reported the breach in a letter to the New Hampshire Attorney General’s Office on July 2nd.

Macy’s has frozen any customer profiles with suspicious activity until the customers change their passwords.

“We have investigated the matter thoroughly, addressed the cause and, as a precaution, have implemented additional security measures,” the company said in a statement. “Macy’s, Inc. will provide consumer protection services at no cost to those customers. We have contacted potentially impacted customers with more information about these services.”

 

Adidas

Adidas, maker of sportswear and equipment, issued a warning to online shoppers in the U.S. that their personal information may have been compromised as a result a suspected data breach.  Adidas first became aware of the incident on June 26 and analysts are saying that potentially millions of customers could be affected.

A preliminary investigation revealed that the hacker may have stolen customer’s contact information, usernames and encrypted passwords. Adidas does not believe any credit card or health and fitness information was compromised.

A statement on Adidas’ website read; “According to the preliminary investigation, the limited data includes contact information, usernames and encrypted passwords. Adidas has no reason to believe that any credit card or fitness information of those consumers was impacted.” The company is in the process of notifying affected customers.

Breach Brief – Best Buy, Delta, Sears, K-Mart

Delta Airlines, Sears, Kmart and Best Buy and others have all been hit with a data breach that is connected with  Indian Company [24]7.ai. According to a statement from the company, it “discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified.”  The incident took place Sept. 26 and was finally shut down on Oct. 12, 2017. The company has notified notified law enforcement.

[24]7.ai claims the breach affected a small number of clients but, in reality, that small number contains some the biggest, most well known, companies in the U.S. and the world.

[24]7.ai is a third party vendor that provides online and mobile chat services. According to CNET in addition to the above mentioned companies other big name companies potentially impacted by the breach include Hilton, AT&T, Citi, American Express, eBay and Farmers Insurance. Both American Express and Farmers Insurance have confirmed they were unaffected by the breach.

According to Sears, owners of K-Mart, unauthorized access to customer payment information was limited to less than 100,000 of its customer’s credit card information. Sears says there was no evidence that stores were compromised or that any internal Sears systems were inappropriately accessed.

Delta airlines, among the worlds largest, reported that certain customer payment information may have been accessed but denied other customer personal information, such as passport, government ID, security or SkyMiles information was impacted. “As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.”  But Delta also stated that it can’t confirm if customer data was actually compromised. Delta is continuing its investigation and has launched a dedicated website to provide the latest developments to customers.

Delta stated that software used by [24]7.ai may have exposed the payment information of as many as several hundred thousand customers using Delta’s PC-accessed website. The company is especially concerned because customers didn’t have to interact with the chat tool to be hit by the hack.

According to Delta customer information compromised includes names, addresses, payment card numbers, CVV numbers, and expiration dates. Customers using the Delta’s Wallet service are considered safe as the malware could only grab information entered on the screen. Delta Wallet “masks” this sensitive information.

Electronic retailers Best Buy also acknowledged  it was hit by the same data breach related to [24]7.ai. In a blog post Best Buy said that [24]7.ai  had informed the company that an “illegal intrusion” had occurred between September 27 and October 12, 2017. Best Buy says it will inform affected customers directly and they will not be liable for fraudulent charges. It will also offer free credit monitoring.