Newsroom

Cybersecurity firm RiskIQ has determined that more than 800 e-commerce sites worldwide have been targeted by a digital credit card skimming campaign. NAFCU – a leading advocate for national data security standards – continues to push for the adoption of data and cybersecurity standards for all entities that hold consumers' information.

At the end of June, Ticketmaster revealed that customers' credit card information was breached from various Ticketmaster websites, though no North American customers were compromised.

However, RiskIQ said hacking group Magecart, which it has tracked since 2015, had a more extensive campaign that targeted more than 800 sites between February 2017 and June 2018. It found in the Ticketmaster breach that the group stole payment information through a third-party supplier, Inbenta, rather than Ticketmaster directly.

"Even more disturbing, the Ticketmaster breach demonstrates that the Magecart actors are continuing to refine their techniques and get better at target selection," RiskIQ said in its report. "… they seem to have gotten smarter—rather than go after websites, they’ve figured out that it’s easier to compromise third-party suppliers of scripts and add their skimmer. In some cases, compromising one of these suppliers gives them nearly 10,000 victims instantly."

NAFCU has been active with lawmakers since the massive 2013 Target data breach stressing the need for a legislative solution to reform the nation's data security system. The association has also shared with Congress principles credit unions would like to see addressed in any comprehensive cyber and data security legislation.