Payment page malware infection live for most of March, snares 20k punters
British hardware chain Robert Dyas' website has been hit by credit-card stealing malware that siphoned off customers' payment details including the long card number, expiry date and security (CVV) code.
Between 7 and 30 March a card skimmer was present on Robert Dyas' payment processing page, the chain admitted in an email sent to affected customers that was seen by The Register.
"We became aware on 30 March 2020 that malicious software (malware) had been uploaded on to our ecommerce website by an external third party, which was immediately blocked by our IT Security team," said the email.
Stolen data is said to include "personal and credit/debit card details, along with names and addresses of customers." Nobody's Robert Dyas password was stolen, though that will be the least of the affected people's ..
Support the originator by clicking the read the rest link below.
