CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 24th, 2008

Customers Data Stolen From Compromised Balmar E-commerce Server

Maryland State Attorney General was notified by Balmar Incorporated about a breach that occurred between April 4, 2008 and April 30, 2008, in which sensitive customer information was compromised. Balmar is a provider of print and graphic communications services, as well as a regional provider of on-site production and administrative services, recently experienced a data security breach in its e-commerce site server.

Balmar has reason to believe that the personal information of 7 of its online customers who reside in the State of Maryland may have been accessed sometime between April 4, 2008 and April 30, 2008 without proper authorization. The personal information affected may include customer names, addresses, telephone numbers, emails, and credit card information.

Balmar has determined that at least one fraudulent credit card transaction has occurred as a result of this incident. A full analysis of their e-commerce server logs revealed on March 27, 2008, an individual initiated several SQL-injections queries on the main page of Balmar e-commerce website from an IP address in Viet Nam. Random queries were attempted over time through March 31st. By March 31st, the individual had gathered enough information to pipe the queries to a search bot. By April 4th, the search bot was able to access and transfer data from e-commerce server to a web page.

Once discovered, Balmar reported the incident to the Virginia State Police and the FBI; contacted the web page host to demand that the page be disabled; removed all credit card information from the affected area of the database and moved it to a secured area of the database that cannot be accessed by the method used during the incident; installed an additional database security solution to detect and prevent any future attempted security breaches; sent notice to affected customers by letter and e-mail.

Balmar’s investigation of this incident is ongoing. For more information, call 1 (800) 265-2724 or email bseger<at>balmar.com.

Share this item with others:

More on CyberInsecure:
  • The Image Group Website Hacked Through SQL-Injection, Credit Cards Data Stolen
  • Gloria Jeans Coffee Website, gloriajeans.com, Hacked, Atleast 511 Customers Credit Crads Details Stolen
  • Stolen Business And Personal Data Found On Open Botnet Server
  • Credit Cards Data Stolen In 1st Source Bank Intrusion
  • Cotton Traders Clothing Firm Customers Credit Card Details Stolen From Hacked Website

    • Posted in Breaches And Incidents, Data Theft, SQL Injections | Print This Post Print This Post

    This entry was posted on Tuesday, June 24th, 2008 at 7:52 am and is filed under Breaches And Incidents, Data Theft, SQL Injections. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Customers Data Stolen From Compromised Balmar E-commerce Server

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »