Southeastern Pennsylvania Transport Authority shuts down online store after 760 customers’ data is compromised

Exploit: Malware attack
Southeastern Pennsylvania Transport Authority: American transport authority

Risk to Small Business: 1.888 = Severe: The online store for the Southeastern Pennsylvania Transport Authority was victimized by Magecart malware, a data skimming attack that steals customer data at checkout. In response, the department permanently closed their online store. The malware was spotted on July 16th, but it took the agency more than two months to gather relevant data and notify customers. The lengthy delay could have compromised additional users while also exacerbating the inevitable PR nightmare that always accompanies a breach.

Individual Risk: 2.428 = Severe: Hackers gained access to the most sensitive form of e-commerce data, including names, credit card numbers, and addresses. Since this information can quickly spread on the Dark Web and then used to perpetuate additional financial or identity fraud, those impacted by the breach should notify their financial institutions and enroll in identity and credit monitoring services as soon as possible.

Customers Impacted: 761
How it Could Affect Your Customers’ Business: Providing a seamless, secure online experience is a critical component of any organization’s relationship with its constituents in the digital age. However, these efforts are undermined when data breaches occur at checkout and are not discovered for months on end. In order to increase the ROI of any e-commerce experience and avoid legal penalties, companies and institutions must be able to detect potential misuse of user data.

Risk Levels:

1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.