Login

Register

Login

Register


A Florida company that offers guitar lessons online to millions of students around the world has suffered a data breach.

Unauthorized access of TrueFire’s computer system went on for six months before the breach was detected on January 10, 2020. 

In a data breach notification letter dated March 9, 2020, and signed by TrueFire Chief Customer Officer Ren Wright, users who made purchases via the website truefire.com between August 3, 2019, and January 14, 2020, were warned that their data may have been compromised.

Wright said that data exposed during the lengthy breach may have included names, addresses, payment card account numbers, card expiration data, and security codes.

Though the company does not store customers’ payment card information itself, it warned that threat actors with access to its computer system may have been able to steal this information in real time as users bought classes and courses.

Wright wrote: “On January 10, 2020, TrueFire discovered that an unauthorized person gained access to our computer system and, more specifically, to information that consumers had entered through our website.

“While we do not store credit card information on our website, it appears that the unauthorized person gained access to the website and could have accessed the data of consumers who made payment card purchases, while that data was being entered, between August 3, 2019 and January 14, 2020.”

TrueFire did not reveal how the breach was discovered but said that it has been reported to law enforcement. The company also said that it is “working with computer forensic specialists to determine the full nature and scope of the intrusion.”

The company has advised its users to review their credit and debit card statements and check for any discrepancies or unusual activity. 

“You should also remain vigilant and continue to monitor your statement for unusual activity going forward,” wrote Wright. No offer was made to provide users with free credit monitoring services. 

In their breach notification letter, TrueFire gave no reason as to why they waited until March 9 to inform users of the breach that was discovered on January 10. No mention of the data breach could be found on the TrueFire website at time of publication.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


Ads

NATIONAL CYBER SECURITY RADIO

Ads

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW