DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

More details emerge on 80sTees breach disclosed in 2013

Posted on February 27, 2014 by Dissent

Back in April 2013, 80sTees (80sTees.com) notified a number of state attorneys general that their customer payment card data had been compromised.

According to reports to New Hampshire, Vermont, Maryland, and California: on January 29, 2013, the Pennsylvania-headquartered firm was asked by Discover to examine their system after suspicious charges were noted on customers’ cards following purchases on their web site.  In response, 80sTees stopped storing credit card data, removed all stored card data from their system, contacted the Secret Service, and brought in forensics examiners.  At that time, they found no evidence of any intrusion or vulnerabilities on their server.

On February 27, they learned that a small number of Visa customers had also experienced fraudulent charges on their cards following transactions on their web site. On March 6, they learned that a large number of MasterCard customers had experienced fraudulent charges going back to the second half of 2012.

On March 12, the forensic investigator determined that malware had been inserted on their system sometime in early June 2012.  The malware had bypassed 80sTees’ anti-virus and malware scans.

As a result, in April 2013, 80sTees notified approximately 3,503 customers, even though the forensic examiner had reported that 2,598 were affected as of April 22, 2013. American Express also notified its customers, although their letter did not name 80sTees as the affected merchant.

But that’s not where the story ends, it seems. On April 30, 80sTees heard from two customers who experienced fraudulent charges after April transactions. 80sTees reported that to the Secret Service, who reportedly then placed a hold on notification letters so as not to interfere with their investigation. That hold was only lifted on January 23, 2014, when the Secret Service completed its investigation. The investigation determined that the card data was being exfiltrated to an external e-mail account. 

Based on what they learned, 80sTees decided to notify all customers who ordered through their site during the period June 3, 2012 – April 30, 2013 if they had not already been sent notification letters in April 2013.  Those letters were sent out this month. Of note, their letter to affected customers says that although the Secret Service was not able to definitively determine the person responsible for the intrusion, based on the information the firm has at this time, they believe the attack was the work of a former high-level employee who has since died.  They also note that there appears to be no connection between this incident and attacks on major retailers.

In their February notification letter, they again do not offer those affected any free credit monitoring services, but that may be because they believed that all the compromised accounts had already been cancelled by the card issuers. They did offer affected customers a profound apology and a 50% off coupon with a value up to $100.00.

80sTees also took a number of substantive steps to improve the security for customer transaction data, and infosec people will find their somewhat detailed explanation of steps they have taken interesting to review.

 

 

 

Category: Breach IncidentsBusiness SectorID TheftInsiderMalwareU.S.

Post navigation

← Health law cybersecurity challenges
Confidential Patient Records From Local Dentist’s Office Found Dumped In Apple Valley →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.