Children’s shoe maker Start-Rite confirms major security incident in which complete customer data was leaked
- Start-Rite is notifying customers of a major data breach in which credit card information has become public
- Details about the attackers are not yet known
- Users with purchases between October 14 and November 7 should carefully check their bank statements
Children’s shoe brand Start-Rite has confirmed a serious data breach in which customer payment details were stolen.
The company confirmed the breach in a message to affected customers, The Register revealed, but not all details about the breach are known at this time, so we don’t know who the attackers were, how many people were affected, or how the breach occurred.
What we do know is that the incident occurred between October 14 and November 7, as Start-Rite told customers in its data breach notification email. The stolen information includes full names (as seen on credit and debit cards), mailing addresses where the cards are registered, card numbers, expiration dates, and CVV numbers. In other words, whoever collected this information has everything they need to make online ticket purchases, commit bank fraud, commit identity theft and more.
“On November 11, Start-Rite Shoes became aware that a security incident had occurred via a third-party application code on www.startriteshoes.com,” the company told The Register. “The breach potentially provided access to customer bank card details. The website is now secured and the malicious code and third-party app have been removed.”
The company’s social channels and website are not yet commenting on the incident, but Start-Rite advised customers to cancel the cards and ask their bank for a new one, noting: “we recommend that you contact your bank or credit card provider and ask them to cancel the card you paid us with and issue you a replacement card. You may be able to do this immediately through your mobile banking or credit card app.”
The company also advised users to double-check all transactions starting October 14. “If you see anything that seems strange, you should contact your bank or credit card company, tell them that you did not authorize the transaction and request a refund. You may wish to provide them with a copy of this email in support of your request.”
Given the wording of the statement, it appears this may have been credit card skimmer code installed on the company’s e-commerce site, like the kind MageCart crooks are known to deploy.