- A+
Further details on this data breach are still unknown 有关此数据泄露的更多详细信息仍然未知
Buying a gift for a birthday or mother's Day could have been truly harmful for many people.为生日或母亲节购买礼物可能对许多人来说真的有害。 Digital forensics specialists from the International Institute of Cyber Security reported that payment card information of the online flower shop 1-800-Flowers customers has been stolen due to a security issue persistent for about four years.国际网络安全研究所的数字取证专家报告称,由于安全问题持续了大约四年,网上花店1-800-Flowers客户的支付卡信息被盗。
Ontario Inc. , the Canadian flower sale site operator, has notified the California attorney General's office in compliance with the data breach notification procedure at Golden State.加拿大花卉销售网站运营商安大略公司已根据金州的数据泄露通知程序通知了加利福尼亚州总检察长办公室。 The company mentioned that its information security and digital forensics team identified anomalous behavior in their systems;该公司提到其信息安全和数字取证团队在其系统中发现了异常行为; a subsequent investigation showed evidence of unauthorized access to the payment card information used by the company's customers.随后的调查显示未经授权访问公司客户使用的支付卡信息的证据。
According to the company's reports, the compromised information includes users' full names, payment card numbers, expiration date, and card security code.根据该公司的报告,受损信息包括用户的全名,支付卡号,到期日期和卡安全码。
As if it was not enough, Ontario Inc. also mentioned that, according to the estimates of its digital forensics team, the exposure of this information lasted from August 2014 to September 15 of the current year.好像这还不够,安大略公司还提到,根据其数字取证团队的估计,这些信息的曝光持续到2014年8月至今年的9月15日。 The data extraction malware injection is one of the probable causes of the security incident, although this does not explain how the data exposure could persist for four years, so it is thought that a critical vulnerability or some error with 1-800-Flower website configuration could be the main reasons why the problem persisted for so long.数据提取恶意软件注入是安全事件的可能原因之一,虽然这并不能解释数据暴露如何持续四年,因此认为1-800-Flower网站配置存在严重漏洞或一些错误可能是问题持续这么久的主要原因。
The company has not revealed the number of affected users.该公司尚未公布受影响用户的数量。 However, data protection legislation in California requires that this kind of incidents be notified when 500 or more Californians have been affected;但是,加利福尼亚州的数据保护法规要求在500名或更多加州人受到影响时通知此类事件; in addition, a local media has reported that about 75k orders to 1-800-Flowers would be involved in the incident.此外,据当地媒体报道,事件中将涉及约7万至1-800-Flowers的订单。 On the other hand, a spokesperson for the company has stated that only “a small number of orders” have been affected.另一方面,该公司的发言人表示只有“少量订单”受到影响。 In addition, he said that the company's main website for the United States appears to be exempt from any security breach.此外,他表示,该公司的美国主要网站似乎免于任何安全漏洞。
“In Ontario Inc. we take the security of our customers' personal information as a really serious matter”, the spokesman said.发言人说:“在安大略省,我们将客户个人信息的安全性作为一个非常严重的问题”。 “We have taken the necessary measures to prevent these kinds of incidents from reappearing in the future; “我们已采取必要措施,防止此类事件再次出现; for example, we have redesigned the company's website in Canada and implemented additional security measures.例如,我们重新设计了公司在加拿大的网站,并实施了额外的安全措施。 In addition, we are working with any partner who operates with payment card information so that any institution issuing payment cards is notified,” he added.此外,我们正在与任何使用支付卡信息的合作伙伴合作,以便通知任何发行支付卡的机构,“他补充道。
Information security specialists are concerned about the growing number of recently occurred security incidents, such as data breach in the Marriott hotel chain, the US Postal Service and the Quora Q&A web platform.信息安全专家担心最近发生的安全事件越来越多,例如万豪连锁酒店,美国邮政服务和Quora Q&A网络平台的数据泄露事件。