. home.aspx



Malware Attack Prompts US Transport Authority to Axe Online Store

September 24, 2019 / Sarah Coble

An American transport authority has responded to a malware attack by permanently closing its online store. The Southeastern Pennsylvania Transport Authority (SEPTA) shuttered the site Shop.SEPTA.org within an hour of discovering that the personal data of 761 customers had been stolen in a data-skimming Magecart attack. Hackers were able to steal shoppers' credit card numbers, names, and addresses during an online crime spree thought to have begun on June 21 and ended on July 16. The store, which sold online travel tickets along with SEPTA-branded mugs and clothing, was hosted by Amazon Web Services. SEPTA was alerted to the attack on July 16 by a user who received a malware warning while browsing the online store. However, the transport authority waited until September 5 to inform customers affected by the attack by letter that a breach had taken place.