Exploit: Third-Party Risk
Acro: Beauty Retailer
Risk to Business: 1.826 = Severe
Japanese e-commerce beauty company Acro has disclosed a data breach that has exposed the details of more than 100,000 payment cards. The incident included two of the company’s four retail websites. Acro is pointing to a security incident at a third-party service provider as the cause. The company specified that the compromised data related to 89,295 payment cards used to pay for goods on the Three Cosmetics domain and 103,935 cards used on its Amplitude site. Victims potentially include anyone who made purchases on either of the two sites between May 21, 2020, and August 18, 2021.
Individual Risk: 1.713 = Severe
The stolen data potentially contains credit card information including cardholder names, payment card numbers, expiration dates, and security codes.
How it Could Affect Your Customers’ Business Cybercriminals love credit card data because it’s a reliable commodity in dark web markets for quick profits.
Source: portswigger