NIS America is begonnen met het e-mailen van klanten van zijn online winkel om hen te laten weten dat het een datalek heeft geleden. De breuk werd ontdekt op 26 februari en het kwaadwillige proces dat werd ontdekt, liep al op 23 januari.
Dit is wat de winkel en het bedrijf zeiden dat er is gebeurd. Blijkbaar zullen de getroffenen krediet krijgen.
NIS America geeft aan
On the morning of February 26th, we became aware of a malicious process that had attached itself to our checkout page. This process was being used as far back as January 23rd, 2018 to skim personal information provided by our customers during checkout after they placed an order at our store.
After entering their billing, shipping, and payment information, the customer would be temporarily redirected to an offsite web page not owned or operated by NIS America, Inc. This malicious process would record the information provided by the customer during the checkout process, including credit card information, billing address, shipping address, and email address. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction.
Transactions conducted in this manner were still successfully completed on the NIS America store pages. However, the payment information recorded by the malicious process could be used for fraudulent charges in the future. Fraudulent payments could be attempted at any storefront that accepts credit card payments, not just NIS America, Inc. store pages.