Altman Weil online store was compromised by a virus that may have exposed the credit card information of certain store customers. It has been discovered on May 16, 2008 by the company that hosts the online store website. The hosting company remains unnamed in the official Maryland State Attorney General breach notification, but the current hoster of Altman Weil online store seems to be mindSHIFT.
Upon learning of this unauthorized breach and attack, on that same day, Altman Weil immediately authorized the hosting company to shut the site down so that access was no longer possible. Altman Weil assured that the hosting company has preserved logs and electronic evidence, has logged all actions taken, and has not altered or compromised the systems.
According to the hosting company, the server on which the online store located was password protected and had current firewalls and security protection, but it seems like, what company calls “SQL virus”, may nonetheless have accessed credit card information.
This attack is currently under investigation in order to fully determine the extent to which credit card information of customers may have been accessed.
Altman Weil notified all card holders by letter of the situation and the possible risk. They notified police department located in Newton Square, Pennsylvania, where Altman Weil is located on May 23, 2008. Also contacted: Secret Service’s ECTF and Electronic Crimes Working Group, every state Attorney General in the states where potentially affected cardholders reside, Federal Trade Commission, Office of Thrift Supervision, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, Board of Governors of the Federal Reserve System.
For more information, Joann Miller at Altman Weil, Inc. can be contacted at 610-886-2006, or via email at: jamiller<at>altmanweil.com.
More on CyberInsecure: