14 DAY TRIAL // R.R. Bowker's myidentifiers.com ISBN Agency affiliate platform was breached, with the checkout page being modified to exfiltrate credit card information, as initially discovered by Publisher Weekly.
ISBNs are distinct and numeric-based commercial book identifiers used to by publishers to register new publications and their variations, and they can be purchased from International ISBN Agency affiliates such as R.R. Bowker.
The issue was discovered when the payment card networks used for making purchases on their ISBN platform alerted the company of a number of unauthorized charges – probably reported by users – initiated with credit cards that were used to buy identifiers on myidentifiers.com.
"We immediately launched an investigation and engaged a leading forensic firm to assist," says the R.R. Bowker security breach announcement. "Our investigation has identified unauthorized code that was added to the checkout page on our website."
R.R. Bowker's ongoing investigation has not yet established a time range for the announced security breach, but according to their notice the credit card skimming code might have been active on the checkout page from May 1, 2018, through October 23, 2018.
The data breach incident might have affected all customers who made payments between May 1 through October 23
The ISBN Agency affiliate did not provide an estimation of the number of customers affected by this data breach incident, but depending on the number of clients who used the myidentifiers.com during the six months the card skimmer code was probably active on their website, those numbers could reach quite an impressive figure.
"Consistent with good practice, customers should closely monitor their payment card account statements," R.R. Bowker also said in their breach notice.
Moreover, "If you see any unauthorized charges, you should immediately notify the bank that issued the card. Payment card companies typically do not hold cardholders responsible for unauthorized charges."
Although there are no specific details regarding this breach, given the fact that the actors behind this attack used credit card skimmers on the checkout page, this might be the work of the Magecart threat group, making R.R. Bowker the last entry in a long list of victims.