Digital Attack Strikes 201 Online Campus Stores

  • By Dian Schaffhauser
  • 05/16/19
online credit card fraud

A digital attack recently hit 201 online campus stores, all running the same checkout software. A cybercrime group injected a version of Magecart, first reported by Trend Micro, into campus store websites to scrape credit card and other customer data during checkout, which was then sent to a remote server. All of the colleges and universities affected were running PrismWeb, an e-commerce platform designed specifically for college stores by PrismRBS. None of the institutions involved have been named.

Trend Micro disclosed its findings to PrismRBS in late April, which, according to a statement PrismRBS issued, "immediately took action to halt the current attack, initiated an investigation, engaged an external IT forensic firm to assist in our review [and] notified law enforcement and payment card companies." PrismRBS said it has also reached out to customers that have been hit.

This version of the Magecart attacks, named Mirrorthief by the security company, apparently forged a Google Analytics script, but then loaded its own script, which was responsible for stealing the payment information, according to an explanation by Trend Micro.

"To defend against this type of threat, website owners should regularly check and strengthen their security with patches and server segregation," advised Trend Micro. "Site owners should also employ robust authentication mechanisms, especially for those that store and manage sensitive data. IT and security teams should restrict or disable outdated components, and habitually monitor websites and applications for any indicators of suspicious activity that could lead to data exfiltration, execution of unknown scripts, or unauthorized access and modification."

PrismRBS was formed last year when Nebraska Book Company and the Collegiate Retail Alliance merged their point-of-sale and enterprise resource planning businesses.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • Two professionals, one male and one female, discuss AI regulations in a modern office with holographic displays showing legal documents, balance scales, and neural network symbols.

    Congressional Task Force Releases Recommendations for AI Governance

    The bipartisan House Task Force on Artificial Intelligence recently released its recommendations to bolster American leadership in AI.

  • modern college building with circuit and brain motifs

    Anthropic Launches Claude for Education

    Anthropic has announced a version of its Claude AI assistant tailored for higher education institutions. Claude for Education "gives academic institutions secure, reliable AI access for their entire community," the company said, to enable colleges and universities to develop and implement AI-enabled approaches across teaching, learning, and administration.

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.

  • NVIDIA DGX line

    NVIDIA Intros Personal AI Supercomputers

    NVIDIA has introduced a new lineup of AI-powered computing solutions designed to accelerate enterprise workloads.