Red Card! MLSGear.com Shoppers Exposed To Identity Theft

Computerworld is reporting that “a series of SQL injection attacks” on a third-party e-commerce company’s servers has compromised the personal data of customers who shopped at Major League Soccer’s MLSgear.com website. One affected customer told us he received a letter from MLSgear.com letting him know what had happened and offering him free credit monitoring services for a year, which is apparently the standing corporate response to personal data theft.

Bob writes:

I purchased a shirt from MLSGear.com a few months ago. I just received a letter from Mark Abbott, President of MLSGear.com letting me know that their third party ecommerce vendor got hacked and my data may have been accessed…or not.

Anyway, it seems they canned their third party ecommerce vendor, and they are offering free credit monitoring services for the next year.
I wish my data was not compromised to begin with, but I will take the monitoring service. I am glad they are standing up and taking the responsible action. (would they if there were no laws?)

As security breaches go, this one hit a small number of people—169 New Hampshire residents according to the article—but “security analysts expect such attacks to become increasingly common because a large number of Web sites are vulnerable to them.”

In recognition of that, the major credit card companies in July will begin requiring retailers and other merchants that accept payment cards to either install a firewall in front of all Web-facing applications or submit custom application code to an outside security firm for a vulnerability review.

“Soccer league’s online shoppers get kicked by security breach” [Computerworld]