Gloria Jeans Coffee Website, gloriajeans.com, Hacked, At Least 511 Customers' Credit Card Details Stolen
Earlier this month, the gloriajeans.com website was the subject of an attack that allowed an unknown person or persons to obtain the addresses and credit card numbers of 511 of its customers as they were placing orders on the site. According to the New Hampshire State Attorney General, Gloria Jeans Coffee (Gloria Jean’s) recently experienced a data security breach in its e-commerce site hosted by Smith Micro, Inc.
The personal information affected may include customer names, addresses, telephone numbers, emails, and credit card information. Gloria Jean’s has not determined that any fraudulent credit card transaction has occurred as a result of this incident. Since Social Security numbers and other financial account information are not collected, the attacker accessed only credit card numbers, names and addresses.
A full analysis of the e-commerce server files revealed that on September 4, 2008, an individual initiated modifications to the checkout web pages from a shared IP address located in the United States. On September 10, 2008, the intrusion was identified, and it was clear that the modifications were able to access and screen capture the personal transaction information and dump the information to an external server and log file. The encrypted database was not exposed to this intrusion.
Once the intrusion was discovered, Gloria Jean’s immediately took its website offline and confirmed that there was no malicious or unauthorized code included as part of its website before the site was returned to service. The company also contacted the server host of the intruder’s log file containing consumer information to have the IP address disabled and made inaccessible. The incident was reported to the United States Secret Service Electronic Crimes Task Force (ECTF), and a notice was sent to affected customers by U.S. First Class mail and email.
Gloria Jean’s investigation of this incident is ongoing in cooperation with its initial report and provision of materials to a representative from the ECTF.