DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

More details emerge on 80sTees breach disclosed in 2013

Posted on February 27, 2014 by Dissent

Back in April 2013, 80sTees (80sTees.com) notified a number of state attorneys general that their customer payment card data had been compromised.

According to reports to New Hampshire, Vermont, Maryland, and California: on January 29, 2013, the Pennsylvania-headquartered firm was asked by Discover to examine their system after suspicious charges were noted on customers’ cards following purchases on their web site.  In response, 80sTees stopped storing credit card data, removed all stored card data from their system, contacted the Secret Service, and brought in forensics examiners.  At that time, they found no evidence of any intrusion or vulnerabilities on their server.

On February 27, they learned that a small number of Visa customers had also experienced fraudulent charges on their cards following transactions on their web site. On March 6, they learned that a large number of MasterCard customers had experienced fraudulent charges going back to the second half of 2012.

On March 12, the forensic investigator determined that malware had been inserted on their system sometime in early June 2012.  The malware had bypassed 80sTees’ anti-virus and malware scans.

As a result, in April 2013, 80sTees notified approximately 3,503 customers, even though the forensic examiner had reported that 2,598 were affected as of April 22, 2013. American Express also notified its customers, although their letter did not name 80sTees as the affected merchant.

But that’s not where the story ends, it seems. On April 30, 80sTees heard from two customers who experienced fraudulent charges after April transactions. 80sTees reported that to the Secret Service, who reportedly then placed a hold on notification letters so as not to interfere with their investigation. That hold was only lifted on January 23, 2014, when the Secret Service completed its investigation. The investigation determined that the card data was being exfiltrated to an external e-mail account. 

Based on what they learned, 80sTees decided to notify all customers who ordered through their site during the period June 3, 2012 – April 30, 2013 if they had not already been sent notification letters in April 2013.  Those letters were sent out this month. Of note, their letter to affected customers says that although the Secret Service was not able to definitively determine the person responsible for the intrusion, based on the information the firm has at this time, they believe the attack was the work of a former high-level employee who has since died.  They also note that there appears to be no connection between this incident and attacks on major retailers.

In their February notification letter, they again do not offer those affected any free credit monitoring services, but that may be because they believed that all the compromised accounts had already been cancelled by the card issuers. They did offer affected customers a profound apology and a 50% off coupon with a value up to $100.00.

80sTees also took a number of substantive steps to improve the security for customer transaction data, and infosec people will find their somewhat detailed explanation of steps they have taken interesting to review.

 

 

 

Category: Breach IncidentsBusiness SectorID TheftInsiderMalwareU.S.

Post navigation

← Health law cybersecurity challenges
Confidential Patient Records From Local Dentist’s Office Found Dumped In Apple Valley →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation
  • Qilin Offers “Call a lawyer” Button For Affiliates Attempting To Extort Ransoms From Victims Who Won’t Pay
  • Ireland’s Data Protection Commission publishes 2024 Annual Report
  • The headlines suggested Freedman Healthcare suffered a ransomware attack that affected patient data. The reality was quite different.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.