TryMedia, a subsidiary of RealNetworks, Inc.. recently notified the New Hampshire Attorney General’s Office of a security breach involving its ActiveStore application that is used by partner sites selling digital games.
According to their letter dated January 13, the firm became aware of an intrusion into its ActiveStore application and believes the intruders were able to “intercept and obtain” customers’ credit card numbers, expiration dates, security codes, postal and email addresses, and passwords to optional user accounts for transactions that occurred between November 4, 2011 and December 2, 2011. They did not reveal how the intruder was able to intercept or obtain the data nor name its partner sites.
In their privacy policy, Trymedia states:
Because security is important to us, we exercise care in providing secure transmission of your personal information before it is transferred across the Internet from your personal computer to our secure servers. We use industry-standard, secure-socket-layer (SSL) technology, which is utilized by most popular browsers to encrypt (or convert into code) most of your personal information before it is transferred across the Internet. To further safeguard your most sensitive credit card information, we transfer such information across the Internet in an encrypted format and and do not store the complete information in our databases after a transaction has been completed.
[…]
To further protect your personal information, we have a security system that includes: firewall technologies; logical network segmentation, allowing restricted access to stored profile information; encryption; and logical and physical security restrictions to our databases and systems.
However, you should be aware that there is always some risk involved in transmitting information over the Internet. There is also some risk that others could find a way to thwart our security systems. As a result, while we strive to protect your information, we cannot ensure or warrant the security and privacy of any information you transmit to us, and you do so at your own risk.
Trymedia (TM Acquisition, LLC) planned to notify 12, 456 of its users of the breach on or about January 17 and to offer them one year of free credit monitoring services and identity theft protection.