Online Store Breach Leads RoundupWell.ca Says Credit Card Data Exposed
In this week's breach roundup, Canadian online health and beauty products store Well.ca reports a breach affecting some customers' credit card data. Also, British grocery chain Tesco is investigating a breach of user accounts on its website.
Canadian Online Store Reports Breach
The Canadian online health and beauty products store Well.ca is notifying a "few thousand" people that their credit card data was compromised following a breach of one of its third-party service provider's servers.
Exposed information includes name, billing address, credit card number, card expiration date and security code, the company says.
The breach occurred between Dec. 22, 2013 and Jan. 7, 2014, Well.ca says in an online notice.
The company says it has notified law enforcement, along with the relevant credit card providers, about the incident.
A spokesperson for the company says it's offering free credit monitoring on a case-by-case basis. "As people contact us, we're absolutely doing whatever we can to make the situation right," the spokesperson says.
British Grocery Chain Breached
British grocery chain Tesco is notifying certain users of its online shopping site that their e-mail addresses, passwords and voucher balances were inappropriately posted online.
"We take the security of our customers' data extremely seriously and are urgently investigating these claims," Tesco said in a statement provided to Information Security Media Group. "We have contacted all customers who may have been affected."
The Daily Mail reported that more than 2,000 accounts were compromised.
While the company didn't confirm how many accounts were compromised or how the information ended up online, it says it will issue replacement vouchers to those affected.
Another Sentencing in DDoS Attack
Jacob Wilkens of Postville, Iowa, has been sentenced for his role in a distributed-denial-of-service attack against the Angel Soft bathroom tissue website. It's the second sentence in the case in recent weeks.
Angel Soft is a subsidiary of Koch Industries, the intended target of the attack. Koch Industries is an American multinational corporation with various subsidiaries in oil, electronics and commodity trading.
Wilkens, who had pleaded guilty to charges in the case, was sentenced to 24 months' probation and ordered to pay $111,000 in restitution, according to the U.S. Attorney's Office for the Eastern District of Wisconsin.
Wilkens and others utilized a "low orbit ion cannon" designed to flood the Angel Soft server with traffic with the intention of disrupting the website's service, prosecutors say. Koch Industries suffered several hundred thousand dollars in losses as a result of the continuous attacks on several of its network servers over a three-day span.
In another recent sentencing in the case, Christopher Michael Sudlik of St. Louis, Mo., was sentenced to 36 months' probation, 60 hours of community service and ordered to pay $111,000 in restitution (see: Sentencing in DDoS Attack). Sudlik also pleaded guilty to charges in the case.