Largest Pathologists Association Worldwide Discloses Credit Card Incident
The American Society for Clinical Pathology disclosed that a payment card incident took place and impacted customers who entered payment information on its e-commerce platform.
The association for medical professionals based in Chicago is the world’s largest organization for pathologists and laboratory professionals, having over 100,000 medical laboratory professionals, clinical and anatomic pathologists, residents, and students as its members.
We have recently been informed that our e-commerce website was the target of a cybersecurity attack that, for a limited time period, potentially exposed payment card data as it was entered on our website.
We engaged external forensic investigators and data privacy professionals and conducted a thorough investigation into the incident.
On the 11th of March, 2021, ASCP discovered that the attackers might have had access to customers’ payment card information, including names, credit or debit card numbers, card expiration dates, and CVV codes.
The American Society for Clinical Pathology added that it had found no evidence that customers’ exposed payment card information was misused after the incident. It also stated that it does not store any of its customers’ payment card data on its servers and that it had implemented security measures to prevent similar incidents in the future.
We resolved the issue that led to the potential exposure on the website. We implemented additional security safeguards to protect against future intrusions. We continue ongoing intensive monitoring of our website, to ensure that it exceeds industry standards to be secure of any malicious activity.
While the incident’s exact nature remains unknown, all evidence gathered so far points to the customers having been victims of a well-known type of web skimming, also known as a Magecart attack.
In these attacks, threat actors inject JavaScript-based scripts known as credit card skimmers (also called Magecart scripts, payment card skimmers, or web skimmers) into online stores. Once deployed, these scripts allow the attackers to harvest and steal the payment and personal information of the stores’ customers, with the purpose of using the data in various financial or identity theft fraud schemes.
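Because a skimmer of this kind runs in the customer's browser as one more script on the payment page, a basic defensive control is to inventory the scripts a checkout page serves and compare them with what has been reviewed. The following is an added example, not code from ASCP or from the original article: it flags third-party scripts from hosts outside an allowlist, allowlisted third-party scripts loaded without a Subresource Integrity attribute, and inline scripts that are not in a reviewed baseline. The hostnames, allowlist, baseline and sample markup are all constructed, and the scan uses a simple regular expression rather than a full HTML parser.

```javascript
// Added example: inventory the <script> tags a checkout page serves and flag
// the ones a defender should review. Hosts and markup below are constructed.
const SCRIPT_TAG = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;

function attr(attrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = re.exec(attrs);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function auditScripts(html, pageUrl, allowedHosts, approvedInline) {
  const findings = [];
  const pageHost = new URL(pageUrl).host;
  for (const [, attrs, body] of html.matchAll(SCRIPT_TAG)) {
    const src = attr(attrs, "src");
    if (src === null) {
      // Inline script: a body that is not in the reviewed baseline is a change to investigate.
      const code = body.trim();
      if (code && !approvedInline.includes(code)) {
        findings.push({ type: "unreviewed-inline", detail: code.slice(0, 40) });
      }
      continue;
    }
    const url = new URL(src, pageUrl);   // resolves relative and //host forms
    if (url.host === pageHost) continue; // first-party files: out of scope here (assumed monitored server-side)
    if (!allowedHosts.includes(url.host)) {
      findings.push({ type: "unknown-host", detail: url.host });
    } else if (attr(attrs, "integrity") === null) {
      findings.push({ type: "missing-sri", detail: url.href });
    }
  }
  return findings;
}

// Constructed sample of a checkout page's markup.
const SAMPLE_CHECKOUT = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.payments.example/v3/fields.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://cdn.analytics.example/tag.js"></script>
<script src="//static.unlisted.example/lib.min.js"></script>
<script>window.checkoutConfig = {currency: "USD"};</script>
<script>loadWidget("promo");</script>
</head></html>`;

const ALLOWED = ["cdn.payments.example", "cdn.analytics.example"];
const APPROVED_INLINE = ['window.checkoutConfig = {currency: "USD"};'];
console.log(auditScripts(SAMPLE_CHECKOUT, "https://shop.example/checkout", ALLOWED, APPROVED_INLINE));
```

Run against the rendered checkout page on a schedule, a check like this surfaces a newly added script source or a changed inline block for review; it complements, rather than replaces, a Content-Security-Policy that restricts where scripts may load from.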