Tomcat
Professional
- Messages
- 2,687
- Reaction score
- 1,038
- Points
- 113
The computer systems of the American company InfoTrax Systems were hacked more than 20 times between May 2020 and March 2021. The company found out about the hack only after the server ran out of free space due to the archive created by the attacker.
According to the US Federal Trade Commission (FTC), the hack occurred in May 2020, when a cybercriminal exploited vulnerabilities on the server and website of one of the company's clients to gain remote control over the company's server and access the confidential information of 1 million clients.
The FTC is suing InfoTrax Systems for failing to protect clients' personal information. The perpetrator secretly accessed the system 17 times over 21 months, and on March 2, 2021 began collecting customer personal information, including names, social security numbers, physical addresses, email addresses, phone numbers, logins and passwords for 4,100 distributor accounts and InfoTrax administrators ... The data leak also included some customers' payment card information (full or partial card numbers, CVVs, and expiration dates), as well as bank account information, including account numbers and bank codes.
The company discovered the compromise on March 7, 2021. After discovering the leak, the attacker was able to compromise the company's systems at least two more times. On March 14, 2021, a criminal stole over 2,300 unique payment card numbers, including names, physical addresses, CVVs and expiration dates, as well as other payment details. Then he injected another malicious code to collect fresh data from the client's website.
According to the FTC, InfoTrax Systems failed to “inventory and remove outdated personal data, validate its software code and test the network, detect malicious file downloads, adequately segment the network, and implement safeguards to detect unusual activity.” As a result, the company is now required to implement a comprehensive data protection program and audit its systems every two years.
