If you’re a Web.com customer, keep an eye out for fraudulent transactions on your credit or debit card statement – 93,000 customer credit card numbers may have been accessed in a data breach.
Web.com, which is based in Jacksonville, Florida, provides small businesses with web services that include website design, marketing, e-commerce, hosting and domain registration.
The company claims to have more than 3.3 million customers and owns two other well-known web services companies – Register.com and Network Solutions.
Web.com says that computer systems at Network Solutions and Register.com weren’t affected in the attack.
However, the credit card information of customers of those companies who’ve also purchased services from Web.com may have been compromised.
The company put up an FAQ page in which it said that last week, on Thursday, 13 August, it discovered an attack on one of its systems during its ongoing security monitoring.
Web.com says it shut down the unauthorized access and immediately began working with a leading IT security firm to conduct an investigation.
Affected customers should have already received an email about the data compromise, along with what steps they should take.
Web.com also said that it sent a letter via snailmail that should arrive in the next few days.
The company said that the breach involved names and addresses attached to credit cards in addition to the credit card information itself.
If you run a business using Web.com services, you’ll be relieved to hear that your own customers’ credit card numbers or other personally identifiable information (PII) escaped unscathed.
That’s because the breach appears to have been isolated to one computer system, and that system wasn’t used to store data for the customers of Web.com customers.
Neither were card validation codes compromised, although it should be noted that there are sites online that take credit card payment without requiring them.
Affected users are being offered free credit monitoring for one year.
What to do
Web.com is advising customers to keep an eye out for any suspicious or unusual activity on any credit/debit cards that have been used with Web.com.
It’s also advising customers to monitor their own credit reports through Equifax, Experian, and/or Transunion (it gives contact information to the credit bureaus on its FAQ).
Of course, it’s also encouraging affected customers to sign up for the free one-year credit monitoring offered to affected customers, by following the enrollment steps included in the email and letter.
If you see fraudulent charges, immediately alert the financial institution that issued the credit or debit card.
You’ll be given instructions on how to dispute bogus charges, and the institution will issue a new card to prevent further unauthorized activity.
Image of credit cards courtesy of Shutterstock.com.
Dan
What is the date range of the data dump? I am only asking, because we had to use Web.com for school and I used their premium package to buy a website there so I could host my own domain. This was 2012 to 2013, or should I assume that my data was taken to?
Anonymous
Always assume the worse.
Anonymous
However, the credit card information of customers of those companies who’ve also purchased services from Web.com may have been compromised.
This is a bit confusing. What are THOSE companies? Network Solutions and Register.com???
Anon
So this data wasn’t encrypted, or they got the encryption key as well?