Customers Data Stolen From Compromised Balmar E-commerce Server
The Maryland State Attorney General was notified by Balmar Incorporated about a breach that occurred between April 4, 2008 and April 30, 2008, in which sensitive customer information was compromised. Balmar, a provider of print and graphic communications services as well as a regional provider of on-site production and administrative services, recently experienced a data security breach on its e-commerce site server.
Balmar has reason to believe that the personal information of 7 of its online customers who reside in the State of Maryland may have been accessed sometime between April 4, 2008 and April 30, 2008 without proper authorization. The personal information affected may include customer names, addresses, telephone numbers, emails, and credit card information.
Balmar has determined that at least one fraudulent credit card transaction has occurred as a result of this incident. A full analysis of its e-commerce server logs revealed that on March 27, 2008, an individual initiated several SQL injection queries on the main page of Balmar's e-commerce website from an IP address in Viet Nam. Random queries were attempted over time through March 31st. By March 31st, the individual had gathered enough information to pipe the queries to a search bot. By April 4th, the search bot was able to access and transfer data from the e-commerce server to a web page.
Once the breach was discovered, Balmar reported the incident to the Virginia State Police and the FBI; contacted the web page host to demand that the page be disabled; removed all credit card information from the affected area of the database and moved it to a secured area of the database that cannot be accessed by the method used during the incident; installed an additional database security solution to detect and prevent any future attempted security breaches; and sent notice to affected customers by letter and e-mail.
Balmar’s investigation of this incident is ongoing. For more information, call 1 (800) 265-2724 or email bseger<at>balmar.com.