The information was exposed when a hacker managed to breach the HuskeyDirect.com database, which has billing information for about 18,000 customers who use the site to buy Husky-branded sports items from the UConn Co-op. The Co-op acts as the university's bookstore but is a run as a separate, member-owned non-profit group.
The information includes names, addresses, e-mail addresses, credit card numbers, expiration dates and codes.
The retail site is managed for the co-op by an unnamed third-party vendor. It was this vendor that alerted the co-op about the attack, according to a on Jan. 11.
In a separate FAQ, the co-op says the Web site vendor reported that the hacker had compromised an administrative password to gain access to the encrypted credit card data. "The hacker appears to have unencrypted that data," according to the .
The credit card information was encrypted, but the hacker appears to have unencrypted that data.
The co-op's first response was to order the Web site shut down, and pull the database offline. It then notified the customers, and "is in the process of arranging for credit protection" for them. The breach only affects those who made online purchases of items on the HuskyDirect Web site.
John Cox covers networking and mobile computing for Network World.
:
Blog RSS feed:
in Network World's Wide Area Network section.