As a follow-up to a previously reported breach involving a hack of HuskyDirect.com, there are now some reports suggesting that the data may have been misused.
Back on January 11, U.Conn had posted a notice to its web site:
The UConn Co-op was informed by its vendor that there has been a data security incident involving the customer database for the UConn Co-op’s website HuskyDirect.com that may have exposed the billing information of HuskyDirect customers. This information includes name, address, e-mail, telephone number, and credit card number, expiration date, and security code.
The database consisted of 18,000 HuskyDirect customers. The Co-op is investigating how many accounts were actually accessed.
[…]
The Co-op has posted answers to frequently asked questions on this matter on its website.
According to John Stewart of The Daily Campus, there have been some reports of fraudulent card number use that may be linked to the incident:
Reactions by ex-customers turned current victims on a UConn basketball blog suggest that damage was minimal, but noticeable. The hackers’ first steps seem to be baby steps before attempting to make larger, more financially damaging leaps into and out of the victims bank accounts.
“Our bank called us last Monday, saying there were two suspicious charges on my ATM card, both in England, small amounts but there may be more in transit,” one blogger wrote.
Another shared a similar experience.
“We just had to cancel our bank cards because of four fraudulent attempts to get money from us, and were wondering why. Now we know. One vendor got $4.95, but we had that reversed. Another was a far-right religious organization, another was Disney Movie Channel and another was the Real.com people, the folks who offer Real Player.”
Though small transactions were the general trend, some customers have reported multiple charges of over a hundred dollars – one of them reporting two charges of over a thousand dollars.
Note that although The Daily Campus report, published January 30, indicates that the breach occurred “early last week,: the breach occurred on or before January 7, when HuskyDirect.com was taken offline and the first round of news coverage began.