It’s not often DataBreaches reads a breach disclosure that reports the theft of already-encrypted data, but a notification by Systems East, Inc. (SEI) in New York reported one such incident.
SEI, which provides e-payment solutions and online payment processing services, notified consumers that on August 25, an unknown individual accessed certain systems on SEI’s network. The intrusion was identifed and stopped the same day. Their investigation revealed that the individual had copied an encrypted database that contained payment cardholders’ names, card numbers, and expiration dates.
Of note, SEI stated that they were unable to confirm whether the unknown individual could decrypt the information:
We cannot confirm whether the unknown individual could decrypt that information. Please note, the database file did not contain additional information normally required to process a payment card transaction, including address or contact information, card verification value or security code, or magnetic stripe data.
According to their submission to the Maine Attorney General’s Office, a total of 209,328 people were affected by the incident, including 260 Maine residents.
Their notification letter also explained that SEI:
notified the payment card providers (Visa, Mastercard, American Express, and Discover) about
this matter so they could take steps to monitor your payment card information. We are also notifying you about this matter so you can take steps to monitor your payment card information. Additionally, we are evaluating our technical security measures and policies and have implemented enhancements to mitigate the risk of a matter like this reoccurring.