fbpx
News
MasterCard Purchases Ethoca
News
Marriott CEO Testifies to Congress About 2018 Data Breach
News
Medical data breach may have exposed info about 600,000 Michigan patients
News
German Ecommerce Worth 58.8 Billion Euros in 2019
News
NJ Data Breaches Lead to Increased Focus on Cybersecurity
News
Worldnet Payments Enters Agreement with POSDATA
News
Marqeta Raises $250 Million Series E Funding
News
Doxo Offers Apple Pay Solutions
News
UK Banks Prevented More than £1.12b in Card Fraud in 2018
News
Verifi Launches Self-Service Chargeback Representment
News
One of the Biggest Data Breaches Ever Compromises Personal Info From Nearly 1 Billion Email Addresses
News
540 Million Facebook Accounts Exposed on Vulnerable AWS Servers
News
Facebook Changes Terms to Comply with European Commission Demands
News
Nethone Raises Over $1 Million to Develop Artificial Intelligence to Fight Chargebacks
News
Chargeback Gurus Enters the Finals of Dallas Business Journal Entrepreneur Contest
News
Terbium Labs Reveals the Dark Web’s “How To” Guide to Committing Ecommerce Fraud
News
Thales Finishes Acquisition of Digital Identity and Security Company Gemalto
News
Ecommerce Fraud Events: Airline & Travel Payments Summit 2019
News
McDonald’s App Hacked In $2,000 ATO Fraud Attack
News
IntSights Releases New Report On the Biggest Fraud Prevention Challenges Facing Banking & Financial Services
News
Online Advertising Fraud Down Nearly $1 Billion Dollars, According to New Association of National Advertisers Report
News
Synthetic Identity Fraud: TransUnion Announces New Rapid Default Model
News
PrismWeb Fraud Attack: Hackers Steal Student Payment Data from 197 American & Canadian Universities
News
Checkout.com Raises $230m Series A Round of Funding
News
Barracuda Networks Releases New ATO Report
News
2019 AFP Payments Fraud and Control Survey Released
News
Sextortion Email Scam Nets Fraudsters $1 million in Bitcoin
News
IBM X-Force Threat Intelligence Index 2019 Released
News
Avanan Releases Global Phish Report 2019
News
EdgeWave releases new Report: “How to Fight the Phishing Epidemic and Win”
News
RSA Q1 2019 Fraud Report Released
News
BalBix Releases New Report: How to Use AI to Tackle Cyber-Security Challenges
News
PayPal Commerce Platform Launches
News
ECBSV SSN Verification Pilot Program Begins
News
Zelle Scam Cleans Out the Bank Accounts of Unsuspecting Victims
News
Google Pay PayPal Connection Expanded
News
Data Breach Exposes Secrets of Ford, TD Bank
News
Visa Acquires Verifi
News
Orvibo IoT Devices Suffer Massive Data Breach
News
ICO Fines British Airways £183.39m for Data Breach
News
PayPal Xoom Europe Launches
News
Mnuchin: Facebook Libra “Threat”
News
FinCEN Business Email Compromise Report Released
News
Malwarebytes Labs Cybercrime Tactics and Techniques Q1 2019 Report Released
News
Fake Google Domains Target Magento Users
News
Capital One Data Breach Hits 100 Million US Customers
News
Pearson Data Breach Compromises 100,000+ Students
News
Capital One Data Breach Class Action Lawsuit Initiated
News
NormShield Releases State of Financial Phishing Q1 2019
Sunday, August 18, 2019
News
MasterCard Purchases Ethoca
News
Marriott CEO Testifies to Congress About 2018 Data Breach
News
Medical data breach may have exposed info about 600,000 Michigan patients
News
German Ecommerce Worth 58.8 Billion Euros in 2019
News
NJ Data Breaches Lead to Increased Focus on Cybersecurity
News
Worldnet Payments Enters Agreement with POSDATA
News
Marqeta Raises $250 Million Series E Funding
News
Doxo Offers Apple Pay Solutions
News
UK Banks Prevented More than £1.12b in Card Fraud in 2018
News
Verifi Launches Self-Service Chargeback Representment
News
One of the Biggest Data Breaches Ever Compromises Personal Info From Nearly 1 Billion Email Addresses
News
540 Million Facebook Accounts Exposed on Vulnerable AWS Servers
News
Facebook Changes Terms to Comply with European Commission Demands
News
Nethone Raises Over $1 Million to Develop Artificial Intelligence to Fight Chargebacks
News
Chargeback Gurus Enters the Finals of Dallas Business Journal Entrepreneur Contest
News
Terbium Labs Reveals the Dark Web’s “How To” Guide to Committing Ecommerce Fraud
News
Thales Finishes Acquisition of Digital Identity and Security Company Gemalto
News
Ecommerce Fraud Events: Airline & Travel Payments Summit 2019
News
McDonald’s App Hacked In $2,000 ATO Fraud Attack
News
IntSights Releases New Report On the Biggest Fraud Prevention Challenges Facing Banking & Financial Services
News
Online Advertising Fraud Down Nearly $1 Billion Dollars, According to New Association of National Advertisers Report
News
Synthetic Identity Fraud: TransUnion Announces New Rapid Default Model
News
PrismWeb Fraud Attack: Hackers Steal Student Payment Data from 197 American & Canadian Universities
News
Checkout.com Raises $230m Series A Round of Funding
News
Barracuda Networks Releases New ATO Report
News
2019 AFP Payments Fraud and Control Survey Released
News
Sextortion Email Scam Nets Fraudsters $1 million in Bitcoin
News
IBM X-Force Threat Intelligence Index 2019 Released
News
Avanan Releases Global Phish Report 2019
News
EdgeWave releases new Report: “How to Fight the Phishing Epidemic and Win”
News
RSA Q1 2019 Fraud Report Released
News
BalBix Releases New Report: How to Use AI to Tackle Cyber-Security Challenges
News
PayPal Commerce Platform Launches
News
ECBSV SSN Verification Pilot Program Begins
News
Zelle Scam Cleans Out the Bank Accounts of Unsuspecting Victims
News
Google Pay PayPal Connection Expanded
News
Data Breach Exposes Secrets of Ford, TD Bank
News
Visa Acquires Verifi
News
Orvibo IoT Devices Suffer Massive Data Breach
News
ICO Fines British Airways £183.39m for Data Breach
News
PayPal Xoom Europe Launches
News
Mnuchin: Facebook Libra “Threat”
News
FinCEN Business Email Compromise Report Released
News
Malwarebytes Labs Cybercrime Tactics and Techniques Q1 2019 Report Released
News
Fake Google Domains Target Magento Users
News
Capital One Data Breach Hits 100 Million US Customers
News
Pearson Data Breach Compromises 100,000+ Students
News
Capital One Data Breach Class Action Lawsuit Initiated
News
NormShield Releases State of Financial Phishing Q1 2019

PrismWeb Fraud Attack: Hackers Steal Student Payment Data from 197 American & Canadian Universities

May 8, 2019
|
No Comments
|
News

Hackers from the Mirrorthief group used a “Magecart” style attack on the PrismWeb eCommerce platform to successfully steal the payment card details from the e-commerce systems of 201 American and Canadian universities. The information stolen includes cardholder names, as well as card numbers, expiration dates, and card verification number’s (CVN). The number of accounts compromised is not currently known.

TrendMicro, a cyber threat and vulnerability company, uncovered the hack.

Magecart attacks place malicious JavaScript code directly onto the checkout pages of eCommerce stores. The code gives fraudsters the ability to collect the data entered onto the pages by shoppers, which can then be re-sold to cyber thieves on the dark web.

“The attacker injected their skimming script into the shared JavaScript libraries used by online stores on the PrismWeb platform,” TrendMicro said in a statement. “We confirmed that their scripts were loaded by 201 campus book and merchandise online stores, which serves 176 colleges and universities in the U.S. and 21 in Canada. The amount of payment information that was stolen is still unknown.”

TrendMicro brought the vulnerability to the attention to PrismRBS, the owner of the PrismWeb platform. In a statement, PrismRBS claims they fixed the problem, and is now taking steps to contact affected customers and inform them their data was compromised.

“We are proactively notifying potentially impacted customers to let them know about the incident, the steps we are taking to address the situation, and steps they can take to protect their end users. We deeply regret any concern or frustration this incident may cause,” the statement said.

Magecart eCommerce fraud attacks are currently on the rise across the internet. However, TrendMicro states their research did not uncover any relationship between this attack and any previously known cybercrime groups. And in a deviation from the norm, the attack specifically targeted the PrismWeb platform and not online payment forms generally.

In its statement, TrendMicro also suggested online fraud prevention best practices merchants can use to protect themselves against Magecart attacks.

“Website owners should regularly check and strengthen their security with patches and server segregation, employ robust authentication mechanisms, restrict or disable outdated components, and habitually monitor websites and applications for any indicators of suspicious activity,” the company said.

Source:

https://blog.trendmicro.com/trendlabs-security-intelligence/mirrorthief-group-uses-magecart-skimming-attack-to-hit-hundreds-of-campus-online-stores-in-us-and-canada/

Join our Community

join the community

Our Sponsors

Stay in Touch

LINKEDIN

YOUTUBE