Online retailer suffers data breach
Online comic and game retailer OneBookShelf announced last month that it was the victim of a data breach, which compromised its customers' personal information.
"A hacker found a crack in our defenses and got in," the company wrote on an informational page on their website that was created following the hack.
According to the page, one of their two credit card processing servers was compromised and used not only to steal the customer information passing through but also to launch attacks on other websites. Any orders processed from July 10 through Aug 6 are at risk because of the attack.
Where the breach only affected on of the servers, the company is not sure how many cards were compromised, but an email sent from affiliate site DriveThruRPG.com informed customers that "there is a 50 percent chance that hackers were able to collect your credit card information." According to ICv2, the company did not believe that prior purchase information, which is encrypted, was compromised, but is launching an investigation to better understand the impact of the attack.
OneBookShelf owns and runs several other websites, all of which suffered in the hack. In addition to DriveThruRPG.com, they own DriveThruComics.com, RPGnow.com, DNDClassics.com, DriveThruCards.com, DriveThruFiction.com, Ulisses-ebooks.de and WargameVault.com.
Since shutting down the attack last month, the company secured their systems and nullified the gap through which their servers were hacked.
"Security has always been our top concern and up until this incident we were proud of our security record," the company said in an email to customers. "We will continue to do everything we can to keep our marketplace secure going forward."
This is just another example in a recent trend of data breaches at large companies. Business continuity consultants can provide insight on what assets should be protected from potential intrusions.