Security researchers have stumbled upon an unsecure database exposing over 9 million records of Cornerstone Payment Systems, a leading California-based credit card processing company.
Website Planet investigators alongside security researcher Jeremiah Fowler noted that the non-password-protected database contained 9,098,506 transaction records as well as personally identifiable information, mostly linked to donations and recurring payments for religious organizations, charity campaigns and nonprofits.
Here’s a breakdown of the exposed contents:
Researchers also notified Cornerstone Payment Systems, which promptly secured the database, barring all public access to the information. Although no signs of malicious access have been noted at this time, investigators warned of risks such as targeted phishing attacks against customers.
“One potential risk would be criminals reaching out to customers and pretending to be a legitimate merchant or organization,” researchers said.
“The criminals would have all of the insider knowledge to build a relationship of trust with their victims to obtain additional payment information or a Social Security Number (SSN) or other data that could be used for nefarious purposes,” the researchers continued. “For example the criminal calls and says ‘I see you donated $500 back in March to support XYZ cause and we need you to validate the credit card ending in 1234.’ The victim would have no reason to doubt this was a legitimate call.”
Looking for an easy way to stay on top of data breaches and leaks, and monitor your online presence against privacy risks and fraud?
Grab a Bitdefender Digital Identity Protection tool or a Bitdefender Identity Theft Protection plan (US only) for more peace of mind amid growing data breaches and fraud cases.
tags
Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.
View all postsDecember 19, 2024
November 14, 2024