14 DAY TRIAL // A cyber-attack targeting the shopping cart software on multiple Sourcebooks websites has left payment information of customers exposed to unauthorized individuals.
Sourcebooks is a book publishing company based in Naperville, Illinois, who offers both hard-cover and digital books in most consumer categories. Its book distribution is limited to the United States and Puerto Rico.
Recently, the company has learned about an intrusion on the shopping cart software that lasted from April 16, 2014 until June 19, 2014. As a result, unauthorized parties were able to access customer credit card information, which includes card number, expiration date, cardholder name and card verification value (CVV2).
In the case of some clients, billing and shipping information containing first name, last name, email address, phone number, address and even account passwords were exposed as well.
According to a sample letter for customers affected by the incident, the extent of the breach is yet to be determined as investigation is still ongoing, carried out by third-party forensics experts.
The letter is signed by Dominique Raccah, owner and CEO of Sourcebooks, who informs that the customers are not liable for any fraudulent charges recorded on their credit cards. However, it is recommended to monitor card activity and report any incidents of suspected identity theft to the financial institution that issued the card as well as to law enforcement authorities.
“I know this breach may have had a very real impact on you, causing frustration and concern. We share those feelings. You trusted us with your information, and you deserve better,” says Raccah in the letter.
“We want to earn back your trust and ensure that we deliver the personalized experience you know and love. We are determined to make things right for you, and we will,” she concluded.