Skip to main content
Add as a preferred source on Google


Digital Attack Strikes 201 Online Campus Stores

  • By Dian Schaffhauser
  • 05/16/19
online credit card fraud

A digital attack recently hit 201 online campus stores, all running the same checkout software. A cybercrime group injected a version of Magecart, first reported by Trend Micro, into campus store websites to scrape credit card and other customer data during checkout, which was then sent to a remote server. All of the colleges and universities affected were running PrismWeb, an e-commerce platform designed specifically for college stores by PrismRBS. None of the institutions involved have been named.

Trend Micro disclosed its findings to PrismRBS in late April, which, according to a statement PrismRBS issued, "immediately took action to halt the current attack, initiated an investigation, engaged an external IT forensic firm to assist in our review [and] notified law enforcement and payment card companies." PrismRBS said it has also reached out to customers that have been hit.

This version of the Magecart attacks, named Mirrorthief by the security company, apparently forged a Google Analytics script, but then loaded its own script, which was responsible for stealing the payment information, according to an explanation by Trend Micro.

"To defend against this type of threat, website owners should regularly check and strengthen their security with patches and server segregation," advised Trend Micro. "Site owners should also employ robust authentication mechanisms, especially for those that store and manage sensitive data. IT and security teams should restrict or disable outdated components, and habitually monitor websites and applications for any indicators of suspicious activity that could lead to data exfiltration, execution of unknown scripts, or unauthorized access and modification."

PrismRBS was formed last year when Nebraska Book Company and the Collegiate Retail Alliance merged their point-of-sale and enterprise resource planning businesses.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • A panel discussion from SXSW EDU 2025

    12 Ways to Dive into AI at SXSW EDU

    This March 9-12, the SXSW EDU Conference & Festival returns to Austin, TX, to celebrate innovation, experimentation, and learning across every stage of education.

  • abstract cybersecurity data protection

    Rubrik Intros Google Workspace Data Protection

    Rubrik has announced the launch of Rubrik Data Protection for Google Workspace, a product the company said is designed to help enterprise customers protect data and restore operations across Google Workspace environments.

  • Educational path and career development growth with neon icons for study, idea, graduation, and success

    How to Embrace Lifelong Learning as a Non-negotiable for Career Growth

    In a world shaped by rapid technological change and shifting economic forces, staying curious and committed to learning is the most powerful way to stay prepared.

  • SXSW EDU

    SXSW EDU 2026: Discover How to Incorporate Technology with Impact

    With the proliferation of AI and advanced technology, education leaders have an opportunity to find and implement the right solutions to make a difference for learners. This March 9-12, SXSW EDU 2026 is your chance to discover innovative edtech, connect with trailblazing peers, and find strategies that make an impact.