UConn reports data breach of online retail site

Admin password hacked, credit card data decrypted

An online retail site at University of Connecticut is warning thousands of customers that their billing information may have been hacked.

The information was exposed when a hacker managed to breach the HuskyDirect.com database, which has billing information for about 18,000 customers who use the site to buy Husky-branded sports items from the UConn Co-op. The Co-op acts as the university's bookstore but is run as a separate, member-owned non-profit group.

The information includes names, addresses, e-mail addresses, credit card numbers, expiration dates and security codes.

The retail site is managed for the co-op by an unnamed third-party vendor. It was this vendor that alerted the co-op about the attack, according to a statement issued by the co-op on Jan. 11. 

In a separate FAQ, the co-op says the Web site vendor reported that the hacker had compromised an administrative password to gain access to the encrypted credit card data. "The hacker appears to have unencrypted that data," according to the FAQ.

The co-op's first response was to order the Web site shut down, and pull the database offline. It then notified the customers, and "is in the process of arranging for credit protection" for them. The breach only affects those who made online purchases of items on the HuskyDirect Web site.

John Cox covers wireless networking and mobile computing for Network World.

Twitter: http://twitter.com/johnwcoxnww

Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
