NIS America Online Store Suffers Data Breaches, Customer Information Compromised

posted on 2018-03-03 00:02 EST by Karen Ressler
Company promises increased security

The NIS America online store suffered a data breach affecting any customers who used the website between January 23 and February 26. Customers who paid by card during this time may have had their credit card or login details compromised. Customers who used PayPal may have had their billing, shipping, or email addresses compromised.

NISA discovered the breach on February 26, and upon discovery of the breach shut down the store and found the cause. However, the store also suffered a second breach for a period of 14 hours starting around midnight on February 28. NISA Marketing Supervisor Travis Shrodes told ANN that NISA "determined it was a different avenue of attack from likely the same individuals and worked immediately to shut down that one."

NISA informed its customers via email of the two breaches on February 28 and March 2, respectively. In its email to customers about the first breach, NISA explained:

The skimming process had access to all information provided by the customer during checkout, including their name, address, credit card number, expiration date and CVV security code, and email address. Customers who placed new orders using their PayPal account were redirected to this malicious process before signing into PayPal, so we do not believe that PayPal payment or login information was compromised in this event. After being sent to the malicious web page, the customers were returned to a secure PayPal login page.

We do not collect Social Security numbers, and there is no evidence that any payment or billing information provided prior to January 23rd, 2018 was compromised.

Shrodes told ANN that NISA has taken steps to ensure there will be no further data breaches. "I would just like to say on behalf of NISA that we are very, very sorry to have this breach of security on our site," he said. "We continue to work tirelessly since detecting this malicious attack to properly communicate and react to best benefit our most trusted customers and partners. We have increased our security and will continue to see how to prevent future attacks as well."

discuss this in the forum (13 posts) |
bookmark/share with:

News homepage / archives