BriansClub has fallen foul of cyber-criminals in a second large-scale incident to have hit the major global online marketplace, reports reveal.
News of the theft of more than 26 million cards from BriansClub was initially shared with cyber-security specialist Brian Krebs, whose name has long been used by IT administrators at the online BriansClub retail hub.
This latest incident has seen a high number of credit and debit card details stolen from physical retail outlets over the past four years, as well as eight million placed online through this year.
The stolen information could be used by hackers to put together phoney magstripe cards which could then be used to make fraudulent purchases in stores. EMV smart cards are designed to put an end to such activity, but enough merchants and cardholders still rely on legacy payment systems to make forgeries of this nature of continuing interest to the criminal underworld.
Cardholder losses could amount to $500 per card, Krebs fears, meaning BriansClub could be facing a loss of up to $4 billion as a result of the estimated nine million cards lost to fraudsters over the past four years.
According to Tim Mackey, principal strategist at Synopsys, organisations of all sizes need to educate themselves more about the realities of payment card fraud and cyber-security protection measures.
“First, the attackers define the rules of the attack and the best you can do is defend against their actions. Second, the only data ever taken is data available for the taking. When designing your data collection and storage procedures, it’s critical to look at all data operations through the lens of what would happen if there was absolutely nothing preventing your biggest competitor or worst enemy from downloading that data,” Mackey explained to Infosecurity Magazine.
“Is all the data appropriately encrypted? Are all access attempts audited? Is modification controlled? For these questions, and many more, the next question becomes one of ‘how,’ and it’s how you approach these questions and their answers which distinguishes a successful cybersecurity initiative from one likely to make the news for the wrong reasons,” he added.
The post #Privacy: US web-based marketplace BriansClub hit by data leak appeared first on PrivSec Report.