PulseTV, the “As Seen on TV” retailer announced that they have been the victim of a breach. The breach started in November of 2019 and continued undetected until August of 2021. The breach was not discovered until November of 2021, by which time over 200,000 credit card records may have been exposed.

In a notification letter sent by PulseTV to its customers, they stated that Visa contacted them on March 8, 2021, and said that they were a common point of purchase for fraudulent credit card use, and that their e-commerce website may have been breached. PulseTV checked their network for malware and reviewed their security settings. They found no evidence to indicate that their site had been breached.

A few months after Visa contacted them, they were contacted by a law enforcement agency that was investigating fraudulent transactions that appeared to have come from pulsetv.com. According to the notification sent to customers, at that point PulseTV “started working with legal counsel with an expertise in cybersecurity. Legal counsel also hired nationally-recognized cybersecurity experts to assist with the investigation.”

The letter goes on to state “On November 18, 2021, our investigator learned that the website had been identified as a common point of purchase for a number of unauthorized credit card transactions for MasterCard. Based upon communications with the card brands, it is believed that only customers who purchased products on the website with a credit card between November 1, 2019 and August 31, 2021 may have been affected. The investigation was unable to verify that the website was the cause of the unauthorized transactions. However, in an abundance of caution, PulseTV is notifying customers, including you, who purchased products on our website during that time period so that they can take steps to protect and secure their credit card information.”

The Daily Swig reports that “The symptoms of the incident match those of earlier Magecart-style attacks that involve planting JavaScript skimmers within the checkout process of online stores.”

A Magecart attack is a cyberattack that injects malicious code into ecommerce checkout pages. This allows the hacker to “skim” sensitive and payment card data. Detecting this type of attack early is essential to preventing or minimizing the loss of card data. The use of file-integrity monitoring or change-detection software and regular internal and external network scans are crucial to early detection, as is requiring strong authentication for all access to system components, and things as simple as anti-virus protection and regularly applying security patches. This breach went undetected for nearly two years, despite notifications from Visa, law enforcement, and Mastercard, which led to a significant number of records being compromised.

Source:  Maxpci

maxpcicomply.com