The Image Group Website Hacked Through SQL-Injection, Credit Cards Data Stolen
From January to August 2008, hackers through an SQL injection flaw were able to access names and credit or debit card information of the persons who placed orders on The Image Group e-commerce website. The Image Group (http://www.theimagegroup.net) is a firm for promotional products and corporate merchandise headquartered in Ohio.
The Image Group has notified the New Hampshire State Attorney General and online customers that their e-commerce site fell victim to a series of successful SQL injection attacks. The compromised database contained sensitive personal and financial information belonging to customers of the company.
While this was discovered in August, it appears that the unauthorized access began in January and occurred again in August of this year. Names, credit cards/debit cards numbers, expiration dates, addresses and the CVV codes were accessed by hackers. No social security numbers or dates of birth were involved.
Upon learning of the breach, the firm shut down the web site through which the unauthorized access occurred. In addition, they had a forensic audit performed. Currently they are working with the merchant bank and the Card Associations to address issues associated with the credit card information taken and to notify the issuing banks for those cards.
Toll-free number for questions is 866-272-5162.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.