Mission Health, a health services provider in North Carolina, suffered a breach of its web store that went undiscovered for over three years. The campaign can be considered a Magecart attack, since hackers injected card skimming malware into the online store in order to harvest the payment card data of visitors. Magecart is an umbrella term for various criminal groups that operate in this manner.
The malicious code went live in March of 2016, and remained on the website until June of this year. Mission Health said that it has “conducted a comprehensive review of all transactions made on the site during the timeframe of the incident” and that customers who may have been affected by the breach have been informed. The web shop has been taken offline and is currently being rebuilt.
Read more: Mission Health online store hijack went undetected for years