Hackers Pilfer Credit Card Info of 1.8 Mn People from 4 Sports Gear Sites!
In a shocking turn of events, cybercriminals gained illegitimate access to four affiliated sports gear online shopping websites.
The threat actors pilfered critical information of 1,813,224 customers. The stolen information included full names, financial account numbers, credit and debit card numbers with CVVs, and website login credentials.
Though the hackers illegitimately gained access to customer data on October 1st, the websites identified the data breach after 15 days, i.e., on October 15th. More startling is that the companies could confirm the loss of financial information only after 45 days on November 29th.
Read: Kronos Suffers Ransomware Attack, Around 2,000 US Firms Bear the Brunt!
This timeline emphasizes how sophisticated and stealthy the cyberattack is.
The websites that suffered the breach are as follows:
- Running Warehouse LLC (runningwarehouse.com) – Running apparel
- Tennis Warehouse LCC (tennis-warehouse.com) – Tennis apparel
- Skate Warehouse LLC (skatewarehouse.com) – Skateboards and skating apparel
- Tackle Warehouse LLC (tacklewarehouse.com) – Fishing gear
The companies notified the affected customers on December 16th, 2021.
“Upon becoming aware of the incident, Tackle Warehouse took the appropriate measures. We also reported the incident to the payment card brands in an attempt to prevent fraudulent activity on the affected accounts,” notified Tackle to its customers.
“We also reported the incident to law enforcement and have worked closely with the digital forensics firm to enhance the security of our sites to facilitate safe and secure transactions.”
Also Read: Two Massive Hacks Come to Light; Data of Volvo and Cox Compromised
However, none of the notices furnished any details on the nature of the data breach. So, the information of how hackers infiltrated the websites remains unknown.
Security experts claim that the incident looks close to a database breach rather than the card skimming technique.
Whatever may be the case, customers of these four websites are directed to treat incoming communications with vigilance, monitor bank account and credit card statements, and report any suspicious transactions without ado.
However, the customers are likely to take a severe hit as the companies haven’t offered any identity protection service even though the compromised data is extremely sensitive.
How can one prevent these attacks?
This incident underscores how companies must be vigilant to identify and address cyberattacks swiftly. One ought to take heed of the fact that the longer the data breach is unidentified, the higher the repercussions are.
Businesses must adopt a strategic Cyber Incident Response (CIR) plan to respond and recover swiftly during an incident. However, developing and maintaining an in-house CIR capability can be arduous. This is where StealthLabs proves worthy.
StealthLabs’ Cybersecurity Incident Response Services help your organization imbibe the capabilities to enable end-to-end protection, from preparation to recovery. We bring in cutting-edge incident management, forensics, and security intelligence to help you proactively respond to a cyberattack and control the damage. Join forces with us today to stove away cyber incidents effectively and efficiently.
More New Articles:
- Over 1 Million Devices Infected in Russian Botnet Attack: Warns Google
- BitMart Falls Victim to a Crypto Heist, Loses USD 200 Million in Tokens!
- 86% of Compromised Google Cloud Accounts Leveraged for Crypto Mining!
- Panasonic Suffers Data Breach; Remains Undetected for Ages
- Microsoft’s Bug Exploited by Threat Actor; Multiple Users Compromised!