At least 12,000 people had sensitive financial information stolen by hackers who secretly implanted malicious code into the utility payment website of the city of Lubbock, Texas. In the past, hackers used skimmers which were physical devices installed on payment terminals, however, since the start of the COVID-19 pandemic and the increased popularity of e-commerce, hackers have adapted and are now using e-skimmers, which is a malicious code inserted into an e-commerce website used to steal data inputted into the payment field — most recently impacting the website of the Green Bay Packers. The city began sending breach notification letters to victims across the country this week, explaining that the people impacted include anyone who made a utility payment between December 18, 2024, and January 6, 2025. Cybersecurity experts at Recorded Future track the exposure of payment cards stolen by hackers and sold on the dark web each month. “Customers attempting to make payments on the legitimate COLU payment website were being directed to the fake pop-up window between December 18, 2024, and January 6, 2025,” officials said. Texas’ state data breach portal said 12,503 people in Texas were affected but notices were filed in several other states including Vermont. The hackers stole names, billing addresses, payment card numbers, CVVs and expiration dates. “We also observed five million freely posted full card records on Telegram” the payment fraud intelligence team said. Another large Texas organization, the State Bar of Texas, announced a data breach this week impacting at least 2,700 people in the state. Sensitive data like Social Security numbers, passports, credit card numbers and more were stolen in the attack, which was claimed by the Inc ransomware gang one month ago.
This Cyber News was published on therecord.media. Publication date: Thu, 03 Apr 2025 23:25:08 +0000