The Illinois-based Sourcebooks publishing company admitted this weekthat a security breach in its website's shopping-cart software from April 16 to June 19 of this year put the payment information of 5,204 customers at risk. However, the company said it sent notification letters to roughly 9,000 people, as a precautionary measure.
The disclosure and sample letter (available here in .pdf form) which Sourcebooks filed with the Califrnia attorney general's office said that the potentially stolen information falls into various categories:
The credit card information included card number, expiration date, cardholder name and card verification value (CVV2). The billing account information included first name, last name, email address, phone number, and address. In some cases, shipping information was included as first name, last name, phone number, and address. In some cases, account password was obtained too. To our knowledge, the data accessed did not include any Track Data, PIN Number, Printed Card Verification Data (CVD). We are currently in the process of having a third-party forensic audit done to determine the extent of this breach.
Ironically, the authors whose works Sourcebooks publishes include security blogger Brian Krebs, who is notable for being the first to discover and report such massive data-security breaches as those at Experian and Home Depot.
As American credit card companies eventually move away from easy-to-counterfeit magnetic-strip credit cards in favor of the more secure EMV chip technology, identity thieves will switch their focus away from brick-and-mortar store databases, in favor of attacking small online stores (and their shopping cart software) instead.
That's already the case in Europe, where EMV-chip credit cards have already been standard for more than a decade, and as EMV cards replace magnetic-strip models in America, the regular weekly news articles about the latest retail hacking du jour will be replaced by regular weekly news articles about data theft from online shopping carts. Welcome to the future!