The giftcard/exchange system of the clothing chain C&A in Brazil has suffered a data breach at the hands of a hacking group known as Fatal Error Crew.
Don Duncan, Security Engineer at NuData Security:
“Hackers went for the gift card platform and were able to expose the ID numbers of gift cards, email addresses, the amount loaded onto the cards, order number, and date of purchase. What’s more interesting is that, based on the hacker’s statement, their primary goal was not to make money – in their statement they say that they “do not endorse financial crimes” – but to give C&A some sort of lesson. However, the Fatal Error Crew hacker group can now use any of the information extracted from the C&A systems to commit gift card fraud. This means that C&A will require security measures that go beyond static credentials and card numbers to detect anomalous activity on their gift card redemption placement. Similarly, technologies that look for anomalous behavior based on the user’s inherent patterns can help companies mitigate post-breach damage.”