
Card details stolen in web hack

tiddlie on 10 June 2008 - 21:11 · 7 comments & 6898 views

Clothing company Cotton Traders has been found to have had 38,000 customer credit card numbers taken from its website in an attack earlier this year. The firm has not directly confirmed the size of this attack as yet.

Barclaycard, the firm's card processor, was contacted as soon as the breach was discovered, and all cards were blocked. Security experts were brought in to fix any holes in the site, although the exact point of entry was not discovered.

The firm has said customers worried about their cards should contact their card provider.

View: BBC News

Comments · There are 7 additional comments
#1 NimrodUK on 10 Jun 2008 - 22:45
This is pathetic, yet another company not securing data.

What happens to the customers who may now face identity theft, headaches and lots of paperwork?

A mere sorry and the good news that it's now safe to shop at the site again?

Companies should be made accountable for breaches like this, and should lose their right to trade and all assets taken and used to pay off the cost of the breach because they didn't care enough in the first place.

#2 tiddlie on 11 Jun 2008 - 00:55
This really is a pet hate of mine. As a web developer myself, I've seen all too often the poor code that some marketing agencies push out to their clients. There have been at least 3 occasions in the past 8 months where I have had to patch up major household names' web stores because of very poor code, simply because people are not using developers that are too concerned with quick delivery and ultimately complacent.

One of the companies I've had to patch in the past has been a household name pretty much worldwide... and had a SQL injection hack in their login script... which was live and getting 100's of 1000's of hits a day!

It's about time there became some way of qualifying developers, or restricting who can work with sensitive materials such as credit card details. Or frankly, make it illegal to store the numbers... there's no reason why a site can't simply ask for the credit card data entering each checkout rather than storing it - send it straight to the card processor, and remove all trace of the card thus not having anything to be hacked / stolen...
#3 FloatingFatMan on 11 Jun 2008 - 07:42
Damn, and I used to use Cotton Traders too. Guess I'd better contact my bank and see if I need to change my card...
#4 mocax on 11 Jun 2008 - 08:39
Why are merchants even collecting credit card data?

In case of disputes, the merchants only require the transaction IDs from the credit card processor.
#4.1 Magallanes on 11 Jun 2008 - 13:40
Good question.

Is it so hard to use a payment gateway?

#5 draklin on 11 Jun 2008 - 12:42
And this is the reason I have never used my real CC numbers online. Every transaction, no matter if it is at a big company like Amazon or a small company, I always use a virtual 1 time use CC number. If you don't, I would suggest that you start and if your CC company doesn't provide it, then get a new CC. BTW, I use Citibank.
#6 SeanusT on 11 Jun 2008 - 16:03
The company should have been PCI-DSS compliant anyway.

I'm pretty sure they will have to undergo a full audit by a PCI-DSS QSA now.
