Direct Marketing Association data breach

Oh, look. The Direct Marketing Association had a data breach.

In a notification template they submitted to the Maryland Attorney General’s Office on January 8, 2015, they write that the incident involved their online bookstore (and only that section of their website).  Investigation determined that malware had been inserted on the server, which was maintained for them by an unnamed third party.

 The malicious software may have placed credit and debit card data at risk of compromise, including names printed on the credit or debit cards, credit or debit card numbers, the security code, and card expiration dates.

The DMA offered those affected credit monitoring services for one year at no cost to the consumers.

The notification to consumers does not indicate the timeframe during which the malware may have exfiltrated customer payment card data, and this notification did not appear on California’s, Vermont’s, or New Hampshire’s websites.

About the author: Dissent