US-based online enterprise PulseTV has revealed that it has experienced a large-scale breach where its customers’ credit card information has been compromised.

A recent breach notice letter sent to the Maine Attorney General’s Office detailed how over 200,000 online shoppers had been impacted by the incident.

The online shopping platform first identified a potential data breach from VISA back in March last year. VISA informed PulseTV that credit card transactions without authorisation were happening on the website.

However, after running its own security checks and carrying out scans for malware, the online retailer was not able to pinpoint any problems on its shopping website. The issue persisted and law enforcement agencies were forced to contact the electronics site month later concerning payment card compromises originating from PulseTV.com.

Expert assistance tracks down the breach

In a concerted effort to mitigate the issue, PulseTV started another round of investigations into the matter. Instead of relying solely on its own security teams, the e-commerce firm opted to instead engage the services of an expert third-party specialist. Initial findings of the investigators in mid-November revealed that PulseTV.com was a common purchase point of an extensive number of unauthorised credit card transactions involving MasterCard.

After consulting with third party investigative team and credit card companies, PulseTV issued a statement regarding which of its customers might potentially be impacted by the problem:

“Based upon communications with the card brands, it is believed that only customers who purchased products on the website with a credit card between November 1, 2019, and August 31, 2021, may have been affected.”

Information exposed in a data breach

PulseTV also issued an advisory regarding the type of personal information that may have been compromised during the breach.

Private data included all information required for card-not-present payment transactions common in online shopping, such as full names, email addresses, shipping addresses, payment card numbers, payment card security codes (CVVs) and payment card expiry dates.

The company warned that PulseTV customers who made purchases from its site during the listed breach period are strongly recommended to keep a watchful eye on their credit records and bank statements for any unauthorised transactions.

The e-commerce platform also stated that it is now migrating to another payment system and will be activating multifactor authentication on all customer accounts. It added that it will utilise endpoint protection solutions for enhanced network visibility and improved threat mitigation.

The company insists that its investigations revealed no breach on its systems, but they were still a common focus point for numerous unauthorised transactions.

As a result, it is currently unclear if the recent incident involves a deeply hidden card skimmer, planted on the shopping site or if cards were in fact stolen from elsewhere and simply used to shop at PulseTV.com.

In many cases stolen credit cards are employed to purchase goods. These products are then delivered to established package mules who can then sell the goods on for cash.

Ensure that the sensitive data in your enterprise is never compromised with Galaxkey’s trusted and proven data protection product, which you can try out in a free 14-day trial.