Regional cyber security websites say Pricesmart and Courts Caribbean’s online shopping website ShopCourts have been hacked.
Jamaican cybersecurity researcher Gavin Dennis, Computer Forensics and Security Institute (CFSI) and technewstt.com all say the ShopCourts data was stolen and posted on online on August 29, 2023.
The stolen data is said to include information on possibly up to 200,000 customers such as names, genders, emails, account passwords, ID information, dates of birth, and phone numbers.
It is also said to include order details for customers much as billing and shipping addresses, purchase dates, purchase locations, shipping information, order totals and payment methods.
However Courts released a statement on Sunday claiming none of their customers’ payment methods and password information was exposed in the incident.
The company acknowledged a data breach in the old e-Commerce Platform www.shopcourts.com, but said immediate action was taken.
Courts said it switched e-commerce platforms in September, the month after the alleged hack.
It added the data leak only contained information on customers who shopped on its website but said the new platform “enforces the measures and strengthens security levels…to have a secure platform without any data breach.”
Hackers have leaked a sample of customer records from 2013 to 2023 as proof of the hack.
The data spans customer accounts in multiple Caribbean countries including TT, Jamaica, Belize, St Lucia, and Barbados.
According to hack reporting website leakbase.io, the data is also being offered for sale.
CFSI owner and enterprise risk consultant Shiva Parasram told Newsday he believed the hack was done by either an individual or group of individuals given the circumstances around its availability.
“It was put out onto the regular internet, which is what we call the surface web. So anybody with an internet connection could actually do some digging and find that. However, it's posted on a forum where you have to pay for it. Usually in crypto and the price is usually pretty exorbitant so you can’t just go and download it for free.”
[caption id="attachment_1045085" align="alignnone" width="1024"] PriceSmart, MovieTowne, Port of Spain. FILE PHOTO/ROGER JACOB -[/caption]
Meanwhile, another hack reporting website and cyber security platform, FalconFeeds.io, says PriceSmart has also been the victim of a hack.
FalconFeeds posted on X, formerly known as Twitter, that hacking group AlphV has acquired more than 500 gb of sensitive employee and client data.
According to technewstt, AlphV, also known as Black Cat, is a recently formed ransomware group which has breached more than 60 organisations in the last month.
Parasram said while the exact nature of the data has not been revealed, the PriceSmart hack is even more concerning given AlphV’s reputation.
“They are notoriously popular in the ransomware business. They are actually almost like a best-of-the-best group. They recruit a lot of other ransomware extortionists from different group