Hacking group steals card data from online campus stores

A hacking group, Mirrorthief, has struck the online campus stores across the US and Canada. The team of hackers was reportedly successful in using a scripting technique to steal card data from online campus stores.

According to TrendMicro, the group used scripts on checkout pages of websites which were created by PrismRBS to steal card details. Among the stolen card details were names, addresses, and phone numbers. Although the number of those affected by the hack is unknown, it is believed that the group attacked as many as 201 online campus book and merchandise online stores.

The hackers specifically targeted the websites created by PrismRBS, a subsidiary of Nebraska Book Company. The group was able to compromise the security of the company’s PrismWeb e-commerce platform which is designed for college stores by the company. TrendMicro wrote in its report: “The attacker injected their skimming script into the shared JavaScript libraries used by online stores on the PrismWeb platform.”

Upon receiving the warning, PrismRBS sprung into action and initiated an investigation into the matter by getting the necessary authorities involved. The company is now notifying the potentially impacted customers. The company gave out a statement: “Protecting the security and privacy of information remains a top priority. We are taking steps to further strengthen the security of our systems, including enhanced client-side and back-end monitoring tools and a comprehensive end-to-end audit of our systems. Once our investigation concludes, we will be providing our customers with additional information and guidance.”