Card details stolen in web hack

Clothing company Cotton Traders has been found to have had 38,000 customer credit card numbers taken from its website in an attack earlier this year. The firm has not directly confirmed the size of this attack as yet.

Barclaycard, the firm's card processor, was contacted as soon as the breach was discovered, and all cards were blocked. Security experts were brought in to fix any holes in the site, although the exact point of entry was not discovered.

The firm has said customers worried about their cards should contact their card provider.

View: BBC News

Report a problem with article
Previous Story

Bob Muglia to deliver Tech-Ed IT Professionals keynote today

Next Story

Western Digital Launches Terabyte 'Black' Drive

7 Comments

Commenting is disabled on this article.

And is the reason I have never used my real CC numbers online. Every transaction, no matter if it is at a big company like amazon or a small company, I always use a virtual 1 time use CC number. If you don't, I would suggest that you start and if you CC company doesn't provide it, then get a new CC. BTW, I use citibank.

Why are merchants even collecting credit card data?

In case of disputes, the merchants only require the transaction IDs from the credit card processor.

This really is a pet hate of mine. As a web developer myself, I've seen all too often the poor code that some marketing agencies push out to their clients. There has been at least 3 occasions in the past 8 months where I have had to patch up major household names web stores because of very poor code, simply because people are not using developers that are too concerned with quick delivery and ultmately complacent.

One of the companies i've had to patch in the past has been a household name pretty much worldwide....and had a SQL injection hack in their login script....which was live and getting 100's of 1000's of hits a day!

It's about time there became some way of qualifying developers, or restricting who can work with sensitive materials such as credit card details. Or frankly, make it illegal to store the numbers...theres no reason why a site can't simply ask for the credit card data entering each checkout rather than storing it - send it straight to the card processor, and remove all trace of the card thus not having anything to be hacked / stolen....

This is pathetic, yet another company not securing data.

What happens to the customers who may now face Identify theft, headaches and lots of paper work.

A mere sorry and the good news that its now safe to shop at the site again?

Companies should be made accountable for breaches like this, and should lose their right to trade and all assets taken and used to pay off the cost of the breach because they didnt care enough in the first place.