CitySights NY Data Breach Exposes 110,000 Customers' Personal Information
Dec 23, 2010
CitySights NY, a company that organizes New York City tours on double-decker buses, has experienced a significant data breach. The personal information of 110,000 customers, including names, addresses, email addresses, credit card numbers, expiration dates, and Card Verification Value (CVV2) codes, was stolen. The breach likely occurred on September 26, when attackers used an SQL injection to upload a malicious script to the web server. The intrusion was discovered on October 25 by a web programmer who found the unauthorized script. According to a breach notification letter sent to and published by New Hampshire's attorney general, Twin America, CitySights NY's parent company, confirmed the compromise. In response to the breach, Twin America has taken several steps to enhance data security, including: Changing all administrative-level passwords to more complex ones. Restricting access to the administration panel and server to a few pre-approved IP addresses. Patching scri