Largest Pathologists Association Worldwide Discloses Credit Card Incident

The American Society for Clinical Pathology Disclosed That A Payment Card Incident Took Place and Impacted Customers Who Entered Payment Information on Its E-commerce Platform.

LAST UPDATED ON APRIL 12, 2021
QUICK READ
1 min
Let's get started!
DORA
TUDOR
CYBER SECURITY ENTHUSIAST

The association for medical professionals based in Chicago is the world’s largest organization for pathologists and laboratory professionals, having over 100,000 medical laboratory professionals, clinical and anatomic pathologists, residents, and students as its members.

We have recently been informed that our e-commerce website was the target of a cybersecurity attack that, for a limited time period, potentially exposed payment card data as it was entered on our website.
We engaged external forensic investigators and data privacy professionals and conducted a thorough investigation into the incident.

Source 

On the 11th of March, 2021, ASCP discovered the fact that the attackers might have had access to the customers’ payment methods like their card information, including names, credit or debit card numbers, card expiration dates, and the CVV codes.

Source

The American Society for Clinical Pathology association added that it had found no evidence that customers’ exposed payment card information was misused after the incident, furthermore declaring that it does not store any of its customers’ payment card data on its servers and had implemented security measures in order to prevent similar incidents in the future.

We resolved the issue that led to the potential exposure on the website. We implemented additional security safeguards to protect against future intrusions. We continue ongoing intensive monitoring of our website, to ensure that it exceeds industry standards to be secure of any malicious activity.

Source 

While the incident’s exact nature remains unknown, all evidence gathered so far points to the fact that that the customers were victims of a well-known type of web skimming, also known as a Magecart attack.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Network DNS Security

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

In these attacks, the threat actors are injecting JavaScript-based scripts known as credit card skimmers, also known as Magecart scripts, payment card skimmers, or web skimmers, that once deployed allow the attackers to harvest and steal the payment and the personal information belonging to online stores’ customers, with the purpose of using the data in various financial or identity theft fraud schemes.

RELATED

What is Eradication in Cybersecurity? An Essential Part Of Incident Response Plans

Hackers Are Using Web Shells to Steal Credit Card Information

Security Alert: Mass Credit Card Stealing Campaign Detected in Online Shops

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP