Back in August, I reported:
Smartphone Experts discovered that the system used for customer payments for online shopping had been hacked. Although stored customer data were encrypted, Diana Kingree, the Senior Vice President of Commerce, noted that the hacker may have been able to use a decryption feature of the system to view customers’ names, addresses, credit or debit card number, CVV, and card expiration date.
Here’s a similar report from Cruises, Inc, who report that someone was able to access their database using an authorized user’s login credentials. They write:
Although credit card information is encrypted when it is stored in the booking system, the unauthorized person used a decryption feature of the system to view the credit card number and expiration date for a limited number of individuals.
At least they weren’t storing CVV.
The breach was discovered on October 23, and the Maryland Attorney General’s Office and two Maryland residents were notified (pdf) on November 15. The total number affected was not disclosed.
Customers were offered free credit monitoring through Experian.