SAN FRANCISCO—More than 800 e-commerce sites worldwide have been targeted by a digital credit card skimming campaign, according to cybersecurity firm RiskIQ.
As of June 30, Ticketmaster revealed that customers' credit card information was breached from various Ticketmaster websites, though no North American customers were compromised.
However, RiskIQ said hacking group Magecart, which it has tracked since 2015, had a more extensive campaign that targeted more than 800 sites between February 2017 and June 2018. It found in the Ticketmaster breach that the group stole payment information through a third-party supplier, Inbenta, rather than Ticketmaster directly, NAFCU reported.
"Even more disturbing, the Ticketmaster breach demonstrates that the Magecart actors are continuing to refine their techniques and get better at target selection," RiskIQ said in its report. "…They seem to have gotten smarter—rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer. In some cases, compromising one of these suppliers gives them nearly 10,000 victims instantly."
NAFCU noted that it has been active with lawmakers since the massive 2013 Target data breach stressing the need for a legislative solution to reform the nation's data security system. Both NAFCU and CUNA have been sharing with credit unions would like to see addressed in any comprehensive cyber and data security legislation