OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] Hackers Infiltrate Opening Ceremony's Online Boutique, Compromise Security

From: security curmudgeon (jerichoattrition.org)
Date: Thu May 10 2012 - 11:57:53 CDT


---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>

http://blogs.artinfo.com/silhouettes/2012/05/09/hackers-infiltrate-opening-ceremonys-online-boutique/

By Ann Binlot
ARTINFO.com
May 9, 2012

We recently got hold of a piece of mail bearing bad news from the edgy
boundary-pushing boutique Opening Ceremony stating that "a hacker placed
malicious software on our website."

The letter -- dated May 4 and signed by Carol Lim, CEO and co-founder of
the company -- says that the incident in question presumably took place on
February 16. While the company took security precautions and removed the
questionable software after the breach was discovered on March 21, it was
more than enough time for the criminals to extract customers? private
information.

     "Unfortunately, the hacker may have accessed the names, addresses,
     and credit card information of customers who purchased an item on
     our website during this period," reads part of the letter.

Opening Ceremony is currently working with data breach prevention and
response specialist ID Experts to field questions and concerns from
customers who may have been affected. ID Experts can be contacted at
866-660-8617.

[...]

_______________________________________________
Dataloss Mailing List (datalossdatalossdb.org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.