NoMoreRack Investigates Possible AttackOnline Retailer Says No Evidence of Breach Detected
The company is an online shopping site that sells discounted brand-name products.
In a March 14 statement provided to Information Security Media Group, Vishal Agarwal, NoMoreRack's chief marketing officer, writes: "There is no conclusive proof that there has been a breach. ... We are also undergoing a PCI compliance Level 1 audit [customary for e-commerce/online retailers], even though, by our transaction count, we are only required to undergo a Level II audit."
Agarwal also says a forensics audit of its network is underway - a step the company initiated after it was notified by Discover Card about suspicious card activity. No other card brands have sent alerts to the company, according to the March 14 statement.
"We do not store credit card data, so the chances of cards being compromised from our system is non-existent," Agarwal says. "An audit has already revealed that there was no conclusive evidence of [a] breach, but we are still undergoing another audit and a higher level of PCI compliance than required."
Two Discover Alerts
The February alert marks the second time Discover has alerted NoMoreRack of suspicious transactional activity. According to the retailer, a similar warning came from Discover in August 2013, suggesting that NoMoreRack was the likely point of compromise for an undisclosed number of compromised cards that had been dinged by fraudulent transactions.
News of NoMoreRack's February incident broke March 12, when security blogger Brian Krebs reported about a possible breach.
NoMoreRack's possible breach comes on the heels of numerous retail attacks and suspicious incidents, including the high-profile breaches of Target Corp. and Neiman Marcus, both of which involved malware that compromised payment cards.