Renowned Jamaican cybersecurity researcher, Gavin Dennis, has disclosed a significant cybersecurity breach affecting ShopCourts, the online shopping portal for Courts Caribbean. According to Dennis’s LinkedIn post, the breach has resulted in the exfiltration of data from up to 200,000 orders.
Dennis provided insights into the nature of the breach, stating that a sample of customer records spanning from 2013 to 2023 has been posted as proof of the hack. An independent review of the sample indicates that the compromised data includes customer records from various Caribbean countries, such as Trinidad and Tobago, Jamaica, Belize, St Lucia, and Barbados.
The exposed information, visible on the hack reporting website leakbase.io, encompasses sensitive details like customer names, addresses, emails, and other personally identifiable information. Notably, the breach includes hashed account passwords, order details such as purchase location, date, and total amount, as well as billing and shipping information. The compromised data has been made available for sale since its publication on August 29, 2023.
In a related incident, ALPHV, a ransomware group also known as Black Cat, has reportedly added PriceSmart to their list of victims. FalconFeeds.io, a cybersecurity firm tracking breaches, noted on their Twitter feed that ALPHV claims to have exfiltrated 500GB of customer and employee data from PriceSmart. ALPHV has emerged recently, breaching over 60 organizations in the last month alone.
Users of the affected online shopping portals, ShopCourts and PriceSmart, are strongly encouraged to change their passwords immediately in response to these cybersecurity incidents. The scope of the breaches underscores the increasing threats faced by online platforms, necessitating heightened vigilance and security measures from both businesses and users alike.