Cyber Incident Victim: Score
Date:
Sep 2014
Location:
United States of America
Summary
An unauthorized data breach exposed customer payment information submitted through the company's website over a three-month period. Compromised data included names, payment card account numbers, expiration dates, and internal account identifiers, though no evidence suggested addresses or card security codes were accessed. The organization detected the incident approximately seven weeks after the breach occurred, prompting immediate internal investigation and engagement of external IT specialists to secure payment systems. While specific forensic findings weren't disclosed, remediation efforts focused on restoring transactional security and customer trust. The notification advised impacted individuals to monitor financial statements and provided resources for credit monitoring and fraud alerts through national credit bureaus and federal agencies.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 21, 2014, SCORE identified a potential unauthorized data breach affecting its online customers. The breach occurred on September 4, 2014, and impacted customers who submitted orders through www.scoresports.com between June 1, 2014, and September 4, 2014. Compromised data included customer names, payment card account numbers, expiration dates, and SCORE account numbers. SCORE initiated an internal investigation immediately upon discovery and engaged an external IT firm to secure website payment systems, accelerate fact-finding efforts, and communicate with affected customers. The company confirmed no evidence suggested customer addresses or payment card security codes were accessed during the incident. Notification letters dated October 23, 2014, informed customers of the breach while emphasizing SCORE’s commitment to data security.
The breach exposed financial data that could facilitate fraudulent transactions, prompting SCORE to advise customers to review payment card statements for unauthorized activity and contact their financial institutions. Payment card brands’ zero-liability policies for timely reported unauthorized charges were referenced as consumer protections. SCORE directed affected individuals to report suspected identity theft to law enforcement, state attorneys general, and the Federal Trade Commission (FTC), providing specific contact details for the FTC’s identity theft reporting mechanisms. Customers were reminded of their entitlement to free annual credit reports from Equifax, Experian, and TransUnion, with instructions provided for obtaining these reports through multiple channels. SCORE additionally outlined procedures for placing fraud alerts or security freezes on credit files, noting potential delays in credit-dependent services and possible fees for security freezes. The company acknowledged the breach’s impact on customer trust and stated it implemented security measures to prevent recurrence, offering a dedicated customer service line (1-800-626-7774) for inquiries. No specific attacker methodologies, intrusion vectors, or data exfiltration volumes were disclosed in the notification materials.