U.S. online store PulseTV has disclosed a credit card data breach that has impacted more than 200,000 customers earlier this year and alerted by VISA, then It performed some security checks on its website but didn’t find any indication of compromise.
The company was alerted again by VISA was in July, but only a few months later law enforcement informed it about additional payment card compromises that appeared to have originated from its website. The company started working a legal counsel that hired cybersecurity experts to assist with the investigation,
On November, 2021, the investigators become aware that the website had been identified as a common point of purchase for a number of unauthorized credit card transactions for MasterCard.
PulseTV believes that only customers who purchased products on the website with a credit card between November 1, 2019 and August 31, 2021 were impacted.
The information that may have been compromised includes:
- Full name
- Shipping address
- Email address
- Payment card number
- Payment card expiration date
- Payment card security code (CVV)
Customers are potentially exposed to a broad range of frauds, including fraudulent card-not-present transactions.The company will take the following measures to prevent similar incidents in the future:
- Adding two-factor authentication requirements for all internal devices
- Utilizing end-point detection and response tools to provide greater network visibility and threat mitigation
- Migrating to a different payment system.
The company is still investigating the security breach with the payment card networks and law enforcement, and is notifying state regulators and impacted customers. At this time the company has yet to determine if it was the victim of a Magecart attack or the stolen card were only used on PulseTV for cash-out.