fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

World’s Largest Pathologists Association Discloses Credit Card Incident

World’s Largest Pathologists Association Discloses Credit Card Incident

Image: National Cancer Institute

The American Society for Clinical Pathology (ASCP) disclosed a payment card incident that impacted customers who entered payment info on its e-commerce website.

The Chicago-based association for medical professionals is the world’s largest such organization for pathologists and laboratory professionals.

Its member list includes over 100,000 medical laboratory professionals, clinical and anatomic pathologists, residents, and students.

Attackers targeted ASCP’s e-commerce site 

“We have recently been informed that our e-commerce website was the target of a cybersecurity attack that, for a limited time period, potentially exposed payment card data as it was entered on our website,” ASCP said.

“We engaged external forensic investigators and data privacy professionals and conducted a thorough investigation into the incident.”

While the data breach notification seen by BleepingComputer has the breach time period redacted, information filed with relevant authorities says that the attackers had access to ASCP’s site on (or between) March 30, 2020, and November 6, 2020.

On March 11, 2021, ASCP discovered that the attackers might have had access to customers’ payment card information, including names, credit or debit card numbers, card expiration dates, and CVV (the three or four digit code on the front or back of the cards).

Also Read: Practitioner Certificate In Personal Data Protection: Everything You Need To Know

The pathologists association added that it found no evidence that customers’ exposed payment card info was misused after the incident.

ASCP also said it does not store any of its customers’ payment card data on its servers and that it implemented security measures to prevent similar incidents in the future.

We resolved the issue that led to the potential exposure on the website. We implemented additional security safeguards to protect against future intrusions. We continue ongoing intensive monitoring of our website, to ensure that it exceeds industry standards to be secure of any malicious activity. — ASCP

All signs point to a Magecart attack

While ASCP didn’t explain this incident’s exact nature, all evidence points that its customers were the victims of a web skimming (also known as digital skimming, e-Skimming, or Magecart) attack.

In such attacks, threat actors inject JavaScript-based scripts known as credit card skimmers (aka Magecart scripts, payment card skimmers, or web skimmers) into compromised online stores.

Once deployed on a compromised online shop, these skimmers allow the attackers to harvest and steal the payment, and personal info submitted by the online stores’ customers and send it to remote servers under their control.

The attackers later use this data in various financial or identity theft fraud schemes or sell it to others on hacking or carding forums.

The FBI warned in October 2019 of Magecart threats targeting both government agencies and SMBs (small and medium-sized businesses) that process online payments.

The federal law enforcement agency also advised online shop owners to keep their software updated since it is one of the main mitigation measures against web skimming attacks.

Also Read: The DNC Singapore: Looking At 2 Sides Better

An ASCP spokesperson was not available for comment when contacted by BleepingComputer earlier this week.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us