Magecart skimmers behind ABS-CBN online store attack
Around 200 customers were affected by the breach.
The National Privacy Commission (NPC) gave an update about the data breach on the online store of ABS-CBN following the discovery of a malware embedded on the website in September.
NPC said they received the company’s breach report on Sept. 24, which was five days following the Sept. 19 discovery of the malicious software which was believed to be in place for a month.
Data Protection Officer Jay C. Gomez said the hack is likely part of a global card skimming campaign by a group of cyber-criminals called Magecart, which has been stealing credit card data from the websites of bigger companies like the British Airways and Ticketmaster.
There were 208 validated purchases made via the ABS-CBN online store that were reportedly compromised. Of them, 202 have been notified via e-mail or text message and told to change their passwords for their credit cards and accounts.
It was also noted that the breach could have been prevented had the third-party site developer chosen to introduce two-factor authentication early on.
ABS-CBN said the UAAP online store has not been affected by the breach, but was only preventively taken down.