NoMoreRack Investigates Possible Attack

Online Retailer Says No Evidence of Breach Detected
NoMoreRack Investigates Possible Attack

Online retailer NoMoreRack.com has confirmed it is investigating a possible breach of its payments processing network, but says no evidence of a card breach has yet been detected.

See Also: 57 Tips to Secure Your Organization

The company is an online shopping site that sells discounted brand-name products.

In a March 14 statement provided to Information Security Media Group, Vishal Agarwal, NoMoreRack's chief marketing officer, writes: "There is no conclusive proof that there has been a breach. ... We are also undergoing a PCI compliance Level 1 audit [customary for e-commerce/online retailers], even though, by our transaction count, we are only required to undergo a Level II audit."

Agarwal also says a forensics audit of its network is underway - a step the company initiated after it was notified by Discover Card about suspicious card activity. No other card brands have sent alerts to the company, according to the March 14 statement.

"We do not store credit card data, so the chances of cards being compromised from our system is non-existent," Agarwal says. "An audit has already revealed that there was no conclusive evidence of [a] breach, but we are still undergoing another audit and a higher level of PCI compliance than required."

Two Discover Alerts

The February alert marks the second time Discover has alerted NoMoreRack of suspicious transactional activity. According to the retailer, a similar warning came from Discover in August 2013, suggesting that NoMoreRack was the likely point of compromise for an undisclosed number of compromised cards that had been dinged by fraudulent transactions.

News of NoMoreRack's February incident broke March 12, when security blogger Brian Krebs reported about a possible breach.

NoMoreRack's possible breach comes on the heels of numerous retail attacks and suspicious incidents, including the high-profile breaches of Target Corp. and Neiman Marcus, both of which involved malware that compromised payment cards.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.