SourceBooks Confirms Card Breach
Intruders Compromised Shopping Cart SoftwarePublisher SourceBooks is warning its customers about a breach that resulted in unauthorized access to credit card information. A third-party forensic audit is under way to determine the extent of the breach.
See Also: Are You APT-Ready? The Role of Breach and Attack Simulation
SourceBooks says that the breach involved the compromise of shopping cart software that supports several of the publisher's websites, according to its breach notification letter. The window of compromise was from April 16 to June 19.
During that time, unauthorized parties were able to gain access to customer credit card information, including card number, expiration date, cardholder name and card verification value. In addition, the cyber-attackers also were able to view billing information, such as name, phone number and address. In some cases, account passwords were obtained as well, SourceBooks says.
Following the incident, the publisher says it has taken several steps, including implementing new security measures in accordance with the Payment Card Industry Data Security Standard and reviewing its internal processes so that it's better able to identify any potential issues as quickly as possible.
"I know this breach may have had a very real impact on you, causing frustration and concern," says Dominique Raccah, CEO and owner of SourceBooks. "We share those feelings. You trusted us with your information, and you deserve better."
SourceBooks did not immediately respond to a request for additional information.