A subsidiary of the California Association of Realtors (CAR) announced that it experienced a data breach that lasted roughly two months and might have exposed sensitive credit card information.
According to a San Diego Union-Tribune report
, Los Angeles-based Real Estate Business Services (REBS) revealed that malware was found within the payment processing software used for the store.car.org Web page,” the Los Angeles-based Real Estate Business Services said in a July 3 letter.
“This malware may have copied and transmitted to an unknown third party personal information that briefly went through our servers during the store.car.org payment processing step of purchases of REBS (Real Estate Business Services) products and services between March 13, 2017 and May 15, 2017,” said the company in a July 3 letter to the office of California’s Attorney General. “The malware was removed from our systems, and we now use an entirely different payment system through PayPal. The data accessed included personal information entered in connection with a purchase of products from our online storefront. The data may have included the user’s name, address, credit card number, credit card expiration date and, in some instances, credit card verification code.”
REBS added that it does not request or use Social Security numbers or driver’s license numbers from individuals, thus preventing such data from being part of the malware breach.