CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 13th, 2008

The Image Group Website Hacked Through SQL-Injection, Credit Cards Data Stolen

From January to August 2008, hackers through an SQL injection flaw were able to access names and credit or debit card information of the persons who placed orders on The Image Group e-commerce website. The Image Group (http://www.theimagegroup.net) is a firm for promotional products and corporate merchandise headquartered in Ohio.

The Image Group has notified the New Hampshire State Attorney General and online customers that their e-commerce site fell victim to a series of successful SQL injection attacks. The compromised database contained sensitive personal and financial information belonging to customers of the company.

While this was discovered in August, it appears that the unauthorized access began in January and occurred again in August of this year. Names, credit cards/debit cards numbers, expiration dates, addresses and the CVV codes were accessed by hackers. No social security numbers or dates of birth were involved.

Upon learning of the breach, the firm shut down the web site through which the unauthorized access occurred. In addition, they had a forensic audit performed. Currently they are working with the merchant bank and the Card Associations to address issues associated with the credit card information taken and to notify the issuing banks for those cards.

Toll-free number for questions is 866-272-5162.

Share this item with others:

More on CyberInsecure:
  • Intel Website Hacked, Personal Data Exposed Through SQL Injection
  • New Lateral SQL Injection Method To Hack Oracle Database
  • Cotton Traders Clothing Firm Customers Credit Card Details Stolen From Hacked Website
  • Malaysian Kaspersky Antivirus Website Has Been Hacked In An SQL Injection Attack
  • MySQL.com Database Compromised Through SQL Injection, Localized Website Versions Also Affected

    • Posted in Breaches And Incidents, Data Theft, SQL Injections | Print This Post Print This Post

    This entry was posted on Monday, October 13th, 2008 at 3:54 pm and is filed under Breaches And Incidents, Data Theft, SQL Injections. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: The Image Group Website Hacked Through SQL-Injection, Credit Cards Data Stolen

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »