If you thought that we were in the clear for holiday hacking, then you thought wrong. We have another report on a data breach, and this one is nearly as bad as Target.
We don't have the full fallout yet, but it's pretty bad. A company called "Charge Anywhere" revealed that malicious software jeopardized credit card transactions from as far back as November 2009.
Charge Anywhere is an electronic payment provider that partners with companies big and small. The information stolen includes customers' names, credit card numbers, security codes and expiration dates.
What does charge anywhere have to say for itself? You're not going to like the answer.
“The investigation revealed that an unauthorized person initially gained access to the network and installed sophisticated malware that was then used to create the ability to capture segments of outbound network traffic,” the company explained. “Much of the outbound traffic was encrypted. However, the format and method of connection for certain outbound messages enabled the unauthorized person to capture and ultimately then gain access to plain text payment card transaction authorization requests.”
Charge Anywhere claims that only transactions from August 2014 to September 2014 were identified, but it did admit that the "unauthorized person" had access as far back as November 2009.
That's not really comforting.
If you have a small business or are worried about your credit card information being compromised, you can go to Charge Anywhere's website and search for businesses that were affected in this breach of security.