[BreachExchange] Hackers nab credit card data from up to 1, 000 California Realtors

Wed Jul 12 01:18:47 EDT 2017

http://www.ocregister.com/2017/07/10/hackers-nab-credit-card-data-from-up-to-1000-california-realtors/

Just over 1,000 California Association of Realtors members may have
been affected by a breach of the online store they use to buy
everything from blank home sales contracts and disclosure forms to
books, software, magnets, lapel pins and coffee mugs.

The malware attack, which occurred from March 13 through May 15,
prompted CAR subsidiary Real Estate Business Services to notify the
affected 1,033 members last week their personal data may have been
stolen while using payment cards such as credit cards for online
purchases.

The list of potential victims is limited to CAR members, such as real
estate agents and mortgage brokers, as opposed to the general public.
Still, the breach is worrisome in that the hackers penetrated the Real
Estate Business Services computers even though they were equipped with
virus and malware protection, said Debra Ferrier, REBS chief
executive.

“We’d like to keep ahead of these guys, but these guys are so smart
it’s sickening,” Ferrier said.

The breach was discovered after a member called and said, “My credit
card got hacked.” Apparently, illicit charges to the member’s card
were made right after he bought something online at the store.car.org
site, the REBS web address.

REBS brought in computer experts, who discovered malware had been
uploaded onto the store’s payment processing software. The malware
made it possible for hackers to get a user’s name, address, payment
card number, card expiration date and, in some cases, the three-digit
card verification code (or CVC) — in short, everything needed to bill
charges to a customer’s account.

REBS has changed its payment processing, using PayPal rather than
taking payment card data directly. In addition, the online store is
offering free LifeLock card monitoring for a year to affected members.

“We’ve changed all our practices,” Ferrier said.

Although 1,033 members used their payment cards to make purchases
during period REBS computers were infected, Ferrier said she doesn’t
know how many cards were hacked.

REBS is advising members to monitor their account statements, review
their credit reports and consider placing a fraud alert on their
credit reports.