Magecart Monthly: New Targets – Hospitality, Transport and Retail Industries
Here’s the latest news on Magecart and other website attacks! We’ve trawled the web for the latest news of data breaches, including updates on previous attacks with insights from our own Security Researcher.
- Hotel Chains
- Garmin SA
- Fragrance Direct
Two unnamed hotel chains with more than 180 locations across 14 countries have fallen victim to Magecart. SC Magazine reported the incident, in which the hotel websites were compromised through a third-party supply chain attack.
Roomleader, a Barcelona-based digital marketing and web development firm that helps hotels build their online booking websites, is the third party responsible for the vulnerability. Both hotel websites were developed by Roomleader, and the malicious code was injected into the script of Roomleader’s module called ‘viewedHotels’.
The hospitality industry has had its fair share of cybersecurity issues. In November 2018 Marriott revealed that the private information of approximately 339 million guests, including names, addresses, phone numbers, passport numbers, and emails, had been exposed. The ICO intends to fine the hotel chain £99.2m. Information Commissioner Elizabeth Denham explains: “The GDPR makes it clear that
Public transport company SEPTA have had their online store compromised for 25 days. The Philadelphia Inquirer reported the attack, explaining that Shop.septa.org had been infected with malicious code. The site was used to make ticket purchases and also sold SEPTA merchandise. SEPTA spokesperson Andrew Busch said “It wasn’t heavily used.” However, between June 21st and July 16th, while the site was compromised, 761 customers had their personal and financial information stolen.
The attack came to SEPTA’s attention on July 16th, after a customer received a malware warning whilst using the site. SEPTA shut down the affected site within an hour of discovering the attack and worked with an IT consultant to quickly identify the source. Although SEPTA acted quickly to identify the attack, it took almost two months before affected customers were notified.
One customer explained that their card had already been used in fraudulent activities. He commented that SEPTA’s delay in notifying him of the information theft was frustrating. “I do feel dissatisfied,” he said. “They should have told me earlier.” Busch explained, “What took us some time was making sure we had accurate information on individuals who were affected,” going on to say, “It takes some time to get your hands around it.”
RapidSpike’s Security Researcher had the following to say: “Although dealing with the aftermath of a data breach can be extensive, SEPTA’s response to the data breach is disappointing. SEPTA are fortunate they had a customer using malware protection software, or this breach could have continued for months or even years. SEPTA need to take responsibility for their customers’ data, however few there are.”
On the 12th
At the time of writing this article, the Garmin SA website portal is still in maintenance mode. Garmin did confirm this incident is limited to
On 27th September, The Register reported that Fragrance Direct’s website had been compromised in the latest Magecart attack. The Macclesfield-based company, Fragrancedirect.co.uk, confirmed the attack, stating: “We recently discovered that some of our user data may have been compromised as a result of unauthorised access to our website by a malicious third party”.
A digital security firm was hired to assist with the incident. Once an investigation was undertaken, the firm quickly found the source of the problem and Fragrance Direct “have taken the necessary steps to address the issue”.
Fragrance Direct have reported the data breach to the ICO, which responded, stating: “Fragrance Direct has reported an incident to us and we will assess the information provided”. Fragrance Direct have also informed all affected customers and provided an apology; however, the details of the incident, including the number of customers affected, are yet to be released.
RapidSpike security researchers have taken the time to investigate all Magecart attacks mentioned. We can confidently say our Data Breach Monitor would have detected every attack. Learn more about our Data Breach Monitor.