Cosmetics peddler Tatcha is warning customers after hackers were able to compromise its website and harvest payment card details as orders poured in.
The US branch of the Japanese biz has been sending notices this month to customers whose card details were apparently stolen on January 8 of this year and discovered in April.
“During the early part of 2017, an unauthorized person may have gained access to information keyed into the Tatcha checkout process,” Tatcha’s notice reads.
“While Tatcha does not store credit card information on its systems, the intruder was potentially able to capture information as it was entered.”
Tatcha said the card numbers were not taken from any of its databases, but rather appear to have been grabbed directly from the order page itself. While the company does not give full details, it seems the retail site was compromised, making the incident in many ways similar to the cash register malware breaches that have affected brick-and-mortar retailers in recent years. This is in contrast to a typical smash-and-grab raid on, say, a database of customer payment details.
Tatcha did not say how many of its customers were compromised in the attack, though it has filed a breach notification with the California Attorney General – meaning at least 500 residents of that state were impacted.
The lifted data includes card number, expiration date, and security codes. This means the attackers have everything they need to charge orders to the pilfered cards. The attackers were also able to lift account passwords and email addresses.
Anyone who receives the notice from Tatcha would be well advised to cancel their payment card immediately, and review all statements since January for unauthorized charges.

Tatcha says it will be providing customers whose cards were stolen with two years of free identity theft monitoring and protection from AllClear ID. Customers will need to contact AllClear ID and enroll in the service themselves. ®
PS: Edmodo, a classroom-learning tech outfit with 78 million registered users, has been hacked, spilling account email addresses and bcrypt-hashed passwords.