14 DAY TRIAL // Data breach incidents are no longer rare and more and more websites, from different business sectors, are targeted by cybercriminals who are after card information. On Thursday, Sinclair Institute informed some of its customers of an unauthorized intrusion leading to access to payment information.
After learning about the incident from its hosting partner, the company proceeded to apply additional protective measures that would prevent recurrence of the undesired event.
It appears that the attack lasted for almost the entire month of August, as it started on August 3 and lasted until August 28.
The method used by the perpetrators to slip in the malware has not been disclosed, but the company informs that their IT administrators were able to remove the malicious files from the affected system.
As far as the illegally accessed data is concerned, this included account credentials, names and addresses, birthday dates, phone numbers, email addresses and credit card information consisting of number, expiration date and the CVV (card verification value) code.
CVVs are used in online purchases to reduce fraud by proving that the buyer has the physical credit or debit card. According to the Payment Card Industry, such codes should never be stored by merchants on their systems.
In a copy of the letter to the affected customers sent to the Office of the Vermont Attorney General, the company did not reveal the number of individuals affected by the incident. In California, the Attorney General has to receive a copy of the breach notice if more than 500 persons are impacted.
The Sinclair Institute has been founded in 1991 and it is in the business of distributing sexual health products for adults as well as videos relating to intimate relationships education.
According to the company, it is committed to donating more than a third of its profits to an organization engaged in programs for preventing HIV/AIDS in Africa, Asia and Latin America.