Credit card numbers stolen in Kiplinger breach

Kiplinger Washington Editors – the publisher of well-known business and economic publications such as the The Kiplinger Letter and the Kiplinger’s Personal Finance magazine – has suffered a breach that resulted in the compromise of customer information of their online subscribers.

“The database that was attacked included customer contact information, e-mail addresses and passwords,” it says in the statement posted online following the breach. “In some cases, encrypted credit card numbers were also accessed. An investigation by outside forensic experts suggests that the hackers did not target customer names and addresses.”

The good news is that neither card security codes nor expiration dates were stored in the database that was breached. And even though the credit card numbers were encrypted, the affected customers have been notified of the compromise and advised to revoke their card and request a new one from their card issuer.

The publisher also says that it is highly unlikely that the stolen information could be used for identity theft since it didn’t contain customer Social Security numbers or dates of birth.

The company has notified the FBI of the breach, and an investigation is ongoing. “At this time, we are not aware that any of the accessed information has been misused,” it says, and add that it has changed its ordering procedures and will no longer store customer credit card numbers on its servers in order to prevent such incidents happening in the future.

It also advised all the users who have used their Web site (Kiplinger.com) to purchase print subscriptions or editions of its publications to change their password – if they use the same one – on other sites that store sensitive information.