Guitar lesson service TrueFire is admitting that they suffered from a data breach. Customers have been exposed for a period of 6 months.
It’s the latest online service to suffer form a data breach. TrueFire, a service that offers guitar lessons, is notifying their customers that their personal information may have been exposed to hackers. While the company did say that they do not store critical information like credit card numbers, they admit that it would be possible in this scenario for hackers to obtain credit card information in transit. From Info Security:
In a data breach notification letter dated March 9, 2020, and signed by TrueFire Chief Customer Officer Ren Wright, users who made purchases via the website truefire.com between August 3, 2019, and January 14, 2020, were warned that their data may have been compromised.
Wright said that data exposed during the lengthy breach may have included names, addresses, payment card account numbers, card expiration data, and security codes.
Though the company does not store customers’ payment card information itself, it warned that threat actors with access to its computer system may have been able to steal this information in real time as users bought classes and courses.
Wright wrote: “On January 10, 2020, TrueFire discovered that an unauthorized person gained access to our computer system and, more specifically, to information that consumers had entered through our website.
“While we do not store credit card information on our website, it appears that the unauthorized person gained access to the website and could have accessed the data of consumers who made payment card purchases, while that data was being entered, between August 3, 2019 and January 14, 2020.”
March has been rather interesting in the realm of security incidences. Previously, there was the Carnival Corp data breach which saw both staff and guests information compromised. Before that, UK mobile carrier, Virgin Media, suffered a data leak which saw customers details including porn browsing habits exposed. That occurred a day after we found out about Canadian mobile carrier Koodo suffering from a data breach of their own with customer details exposed. At the beginning of the month, we also saw Clearview AI suffering from a data breach. In that one, their entire client list was stolen.
This latest security incident can simply be thrown onto the pile at this point.
Drew Wilson on Twitter: @icecube85 and Facebook.
