Magecart Monthly: Record £183m fine for British Airways.
Read the latest news on Magecart attacks! We’ve trawled the web for the latest news of data breaches, including updates on previous attacks. Now featuring insider insights from our own Security Researcher!
Latest attacks:
- Quest Diagnostics and LabCorp
- Princess Polly
- Twitter Disclosures
- British Airways Update
Quest Diagnostics and LabCorp
New! Major attack on US medical debt collection company American Medical Collection Agency (AMCA). Its payment portal was compromised for eight months, from August 1st, 2018 to March 30th, 2019. ZDNet reports that over 20 million US citizens have been impacted by the security incident. Companies affected by the attack include: Quest Diagnostics, LabCorp, BioReference Laboratories, Carecentrix, and Sunrise Laboratories. As part of the attack, names, social security numbers, addresses, dates of birth, and payment card information
AMCA announced in a statement: “We hired a third-party external forensics firm to investigate any potential security breach in our systems, migrated our web payments portal services to a third-party vendor, and retained additional experts to advise on, and implement, steps to increase our systems’ security.”
Multiple lawsuits have been filed against Quest Diagnostics, AMCA, and LabCorp for delaying notifications and failing to protect patient data. US regulators are also investigating at this time.
AMCA’s four largest clients immediately stopped doing business with the company, and due to this loss of business, AMCA
This is
Princess Polly
Australian online fashion retailer Princess Polly suffered a Magecart attack from the 1st November, 2018 to 29th
On 31st May, in a security incident announcement on its website, the company stated: “We have recently discovered an unidentified third party gained unauthorised access to our website. During this process, the third party may have accessed customers’ personal information and payment details entered on our website.” It went on to explain: “When you enter payment information on our site, it is redirected to a payment gateway which means that Princess Polly does not process the payment information and it is not stored by Princess Polly, however, during this incident, the third party may have been able to access credit card details while being entered at check-out”. Princess Polly co-CEO Wez Bryett stated: “As soon as we became aware of this incident, we took immediate steps to investigate and confirm that our website was secure.” The announcement also included an apology to customers.
This incident affected customers on the Australian and New Zealand sites and did not impact customers on the US site. The company is undertaking a full investigation and has also switched its payment gateway provider to Braintree.
Twitter Disclosures
A RapidSpike Security Researcher speaks about online disclosures, stating: “There have been over 110,000 Magecart attacks recorded; however, only a small number of attacks make news headlines. Sifting through Twitter you’ll be able to see frustrated individuals and independent researchers reporting vulnerabilities to companies with no response being acknowledged or actions
Just one recent example is Noco, a battery products manufacturer. On 17th June, @MarcelMalware reported that the company’s website had been attacked, announcing on Twitter:
“Hi @noco your Magento eCommerce website has been compromised. Please alert your dev team.”
The tweet included a screenshot of the compromised site.
@Malwrhunterteam responded, explaining that the site had not yet been cleaned and that there were in fact 54 malicious JavaScript files. There have been no further developments or updates on this data breach, as Noco continues to publish social posts and take online orders without addressing the incident.
British Airways Update
Announced today: the Information Commissioner’s Office (ICO) intends to fine British Airways £183.4m for its data breach last year. British Airways disclosed it had suffered an attack between April and June 2018 which affected around 500,000 customers. After an “extensive investigation” the ICO has concluded that customers’ data was compromised by “poor security arrangements”. British Airways has responded to the proposed fine saying it is “surprised and disappointed”.
RapidSpike security researchers have taken the time to investigate all attacks mentioned. We can confidently say our Data Breach Monitor would have detected every attack. Learn more about our Data Breach Monitor.
Other Security News:
- Magecart’s ‘shotgun approach’ to payment card theft.
- Why SREs Should Worry More About Third-Party JavaScript.
- Google Recommends Using JavaScript “Responsibly”.
- Two hacking groups responsible for huge spike in hacked Magento 2.x stores.
- Apple CEO Tim Cook: Technology companies need to take responsibility for chaos they create.