14 DAY TRIAL // ECS Learning Systems, a seller of K-12 state-specific test prep materials, has sent notification letters to 1,300 customers after unidentified attackers hacked into its customer database and stole credit card data.
The breach was discovered on October 15, but the initial intrusion occurred back in April. According to the company, since then, the hackers sporadically accessed customer data.
The compromised information includes names, telephone numbers, email addresses, physical addresses, as well as credit card details.
It appears that credit card data was stored inside the database for convenience purposes, to avoid customers having to re-enter it with every new purchase.
Following the breach, this practice has been discontinued and going forward no credit or debit card information will be stored on the company's systems.
"[…] All online credit card transactions on our website will continue to be processed for us by a leading, national service provider, which was not involved in this security incident," ECS writes.
In a FAQ document accompanying the letter [pdf], the company advises affected customers to review their bank and credit card statements carefully and contact their respective banks if they see signs of fraud.
However, it would be more sensible for affected individuals to change their cards immediately. Recent ATM attacks revealed that cyber criminals can sit on stolen credit card details for over a year before beginning to abuse them.
It's very likely that after a year people will no longer pay as much attention to their card activity as immediately after a data compromise.
Affected customers can request one free credit report from each of the three credit reporting agencies (Equifax, Experian and TransUnion) per year.
In addition, they can also get a security alert placed on their credit file, which will prompt additional scrutiny from credit issuers.