14 DAY TRIAL // Cybercriminals do not care what kind of business they compromise as long as they get information from payment cards, so it’s no wonder that websites like ValuePetSupplies.com fall victim to cyber-attacks.
Piech Sales Company, the owner of the website, has been announcing customers that unknown individuals managed to bypass the security measures for the servers and access sensitive customer information.
Hackers can use payment data for fraudulent transactions
According to the company, the investigation revealed that the intrusion began on November 25, 2014, and lasted a little over a month, until December 29, 2014.
It appears that the attackers infiltrated malware on the systems and exfiltrated information associated with the customer’s account on the website, as well as with financial transactions.
As such, the details exposed included not only names, addresses, emails, phone numbers and account passwords but also credit or debit card data, card verification value (CVV) and expiration date.
The financial data stolen by the hackers is sufficient to allow them to make online purchases in the name of the true owner of the card. As soon as they are delivered, the goods are sold by the crooks for a fraction of their value.
This is possible because ValuePetSupplies.com stored the CVV value on their systems, which is against the Payment Card Industry Data Security Standard (PCI DSS).
The code, generally consisting in the three digits on the back of the card, is required for transactions where the card cannot be physically processed (“card not present”) like online purchases. By entering it, the user signals that they actually have the physical card and do not rely on stolen card information.
No free subscription offered for identity protection service
“We take the confidentiality of our customer information very seriously. Although we have no knowledge that your personal information was accessed from the malicious files, it is important that we notify you and provide you with specific information below to help protect your financial and other personal records,” says Zachary Piech, president of the company, in the letter addressed to the affected individuals.
The letter signed by Piech continues with details on the solutions customers have to identify a fraud attempt and to prevent any financial damage. These include placing a fraud alert and reviewing the credit report (free, once a year), as well as keeping a vigilant eye for suspicious transactions.
Unlike other companies that suffered a data breach incident, Piech Sales does not offer subscriptions to services providing protection against identity theft.