Hackers from the Mirrorthief group used a “Magecart” style attack on the PrismWeb eCommerce platform to successfully steal payment card details from the e-commerce systems of 201 American and Canadian universities. The stolen information includes cardholder names, card numbers, expiration dates, and card verification numbers (CVNs). The number of accounts compromised is not currently known.
TrendMicro, a cyber threat and vulnerability company, uncovered the hack.
TrendMicro brought the vulnerability to the attention of PrismRBS, the owner of the PrismWeb platform. In a statement, PrismRBS claims it fixed the problem and is now taking steps to contact affected customers and inform them that their data was compromised.
“We are proactively notifying potentially impacted customers to let them know about the incident, the steps we are taking to address the situation, and steps they can take to protect their end users. We deeply regret any concern or frustration this incident may cause,” the statement said.
Magecart eCommerce fraud attacks are currently on the rise across the internet. However, TrendMicro states their research did not uncover any relationship between this attack and any previously known cybercrime groups. And in a deviation from the norm, the attack specifically targeted the PrismWeb platform and not online payment forms generally.
In its statement, TrendMicro also suggested online fraud prevention best practices merchants can use to protect themselves against Magecart attacks.
“Website owners should regularly check and strengthen their security with patches and server segregation, employ robust authentication mechanisms, restrict or disable outdated components, and habitually monitor websites and applications for any indicators of suspicious activity,” the company said.