The Blowout Cards experienced a security breach where an unauthorized intruder obtained access to some of their customers delicate card payment information.
The compromised information includes the names, addresses, email addresses, phone numbers, credit or debit card numbers, card expiration dates, and card verification codes.
Customers using credit and debit cards were the only ones affected by this security incident.
PayPal users weren't impacted when making purchases online.
They immediately launched an investigation and an exploit in the form of a modified payment .php file was uncovered which allowed the intruder(s) to skim credit card/debit card information as customers checked out via our website and also strengthen the security of their system and processes.
TPRM report: https://scoringcyber.rankiteo.com/company/blowoutcards-com
"id": "blo05831822",
"linkid": "blowoutcards-com",
"type": "Breach",
"date": "04/2017",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Retail',
'name': 'Blowout Cards',
'type': 'Business'}],
'attack_vector': 'Modified payment .php file',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['names',
'addresses',
'email addresses',
'phone numbers',
'credit or debit card numbers',
'card expiration dates',
'card verification codes']},
'description': 'Blowout Cards experienced a security breach where an '
'unauthorized intruder obtained access to some of their '
"customers' delicate card payment information. The compromised "
'information includes the names, addresses, email addresses, '
'phone numbers, credit or debit card numbers, card expiration '
'dates, and card verification codes. Customers using credit '
'and debit cards were the only ones affected by this security '
"incident. PayPal users weren't impacted when making purchases "
'online. They immediately launched an investigation and an '
'exploit in the form of a modified payment .php file was '
'uncovered which allowed the intruder(s) to skim credit '
'card/debit card information as customers checked out via our '
'website.',
'impact': {'data_compromised': ['names',
'addresses',
'email addresses',
'phone numbers',
'credit or debit card numbers',
'card expiration dates',
'card verification codes'],
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Modified payment .php file'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Strengthen the security of '
'their system and processes',
'root_causes': 'Modified payment .php file '
'vulnerability'},
'response': {'containment_measures': 'Strengthen the security of their system '
'and processes'},
'title': 'Blowout Cards Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Payment .php file vulnerability'}