DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Sourcebooks suffers credit card data breach (update2)

Posted on October 18, 2014 by Dissent

Dave Lewis writes:

It wouldn’t be a Friday afternoon without a company sharing that they had suffered a data breach. Normally, I’m the first person to be sympathetic in this type of situation but, I have seen enough of these Friday disclosures that I’m starting to call bull spit on these.

Just “starting,” Dave? What took you so long? @IDexperts and @PogoWasRight have been snarkily commenting on these Friday afternoon disclosures for well over a year now.

In any event, as to the Sourcebooks breach, you can read Dave’s coverage on CSO. By today’s standards, a 4-month delay between discovery of the breach and notification is considered long.

Sourcebooks had submitted a copy of their consumer notification letters to the California Attorney General’s Office for their Sourcebooks and for PutMeInTheStory sites (you can access their notification letters here and here).  As Sourcebooks CEO and owner Dominique Raccah writes:

Sourcebooks recently learned that there was a breach of the shopping cart software that supports our website, putmeinthestory.com, on April 16, 2014 – June 19, 2014 and unauthorized parties were able to gain access to customer credit card information. The credit card information included card number, expiration date, cardholder name and card verification value (CVV2). The billing account information included first name, last name, email address, phone number, and address. In some cases, shipping information was included as first name, last name, phone number, and address. In some cases, account password was obtained. To our knowledge, the data accessed did not include any Track Data, PIN Number, Printed Card Verification Data (CVD). We are currently in the process of having a third-party forensic audit done to determine the extent of this breach.

Neither site has any consumer alert or notification on it, which is not that unusual, although I do wish sites had to prominently post such notifications as HIPAA-covered entities may have to do.

UPDATE of 10-24-14: Brian Krebs reports that approximately 5,100 customers were affected.

UPDATE of 10-28-14: The incident was reported to the NH Attorney General as affecting 5,204.

No related posts.

Category: Business SectorHackU.S.

Post navigation

← Morning musings
FDA Releases Final Guidance on Cybersecurity in Medical Devices, Public Workshop to Follow on October 21-22, 2014 →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.