Malware Attack Prompts US Transport Authority to Axe Online Store

An American transport authority has responded to a malware attack by permanently closing its online store.

The Southeastern Pennsylvania Transport Authority (SEPTA) shuttered the site within an hour of discovering that the personal data of 761 customers had been stolen in a data-skimming Magecart attack. 

Hackers were able to steal shoppers’ credit card numbers, names, and addresses during an online crime spree thought to have begun on June 21 and ended on July 16. The store, which sold online travel tickets along with SEPTA-branded mugs and clothing, was hosted by Amazon Web Services. 

SEPTA was alerted to the attack on July 16 by a user who received a malware warning while browsing the online store. However, the transport authority waited until September 5 to inform affected customers by letter that a breach had taken place.

Asked what had caused the two-month time lag, SEPTA spokesperson Andrew Busch told Infosecurity Magazine: “Customers were notified as soon as SEPTA was confident that it had gathered accurate information regarding the individuals who were affected. SEPTA followed proper reporting protocols as soon as the breach was discovered by notifying the FBI and the Pennsylvania Department of Transportation.”

The revelation that the online store had been permanently closed in an effort to prevent any future malware attacks only came to light on September 19 when it was reported by The Philadelphia Inquirer.

Explaining SEPTA’s arguably extreme approach to cybersecurity, Busch told Infosecurity Magazine: “The primary reason for shutting it down was to eliminate the potential for any additional customer information to be compromised. 

“In addition, the site was mostly used for purchases of fare products that have or are being phased out with SEPTA’s modernized fare system, the SEPTA Key, and in general it was not widely used. The SEPTA Key has a separate e-commerce site, and that site was not breached.”

Busch confirmed that SEPTA has not suffered any further attacks since closing its online store, whose quiet death failed to arouse much notice. 

Describing the impact of SEPTA’s decision to axe the store, Busch said: “There has not been a significant amount of customer feedback.”
