LOS ANGELES — A hacker infiltrated an Internet company’s database of credit card numbers and posted them online in a failed extortion attempt.
The FBI has launched an investigation into the attempt against Los Angeles-based creditcards.com, FBI spokesman Matthew McLaughlin said Wednesday.
It is the latest of several attacks against companies with online operations in which hackers sought money after stealing credit card information.
More than 55,000 credit card numbers were swiped from creditcards.com, which processes credit card transactions for online companies. The information later was posted online, said Laurent Jean, a company spokesman.
The Web site with the credit card numbers, which went up when the extortion fee was not paid, has since been taken down, McLaughlin said.
In an e-mail sent to its merchants Monday, creditcards.com stated it was contacted by hackers about three months ago. The e-mail said the hackers appeared to be from Russia and that they threatened to post the credit card information unless the extortion fee was paid.
After being contacted, the company said it immediately adopted a policy that it would neither cooperate with hackers nor pay extortion money.
The e-mail from Michael Stankiewicz, the company’s chief technology officer, said creditcards.com hired security consultants to improve its ability to protect data and has undergone a complete security audit.
One of the company’s merchants, ihateshopping.net in Tacoma, Wash., was contacted by the hacker earlier this week and downloaded all of the credit card numbers released by the hacker.
The company has created a page where potential credit card fraud victims can enter their name and address to determine if their credit card was compromised, said Harry Widdifield, owner of ihateshopping.net, an online shopping service.
“We think it’s the most judicious use of the information that was given to us by the hackers possible,” Widdifield said. “I’m surprised creditcards.com didn’t handle it this way. They didn’t, we have.”
Widdifield, whose wife’s corporate card was on the hacker’s list, said that he will find a new company to handle credit card transactions.
“We have to find a new credit card provider because we can’t trust the integrity of creditcards.com,” he said. “They have one job and that’s to mind the store. In the brick-and-mortar world banks have vaults to keep things safe. We should expect the same things from places like creditcards.com.”
An executive with Urban Golf Gear, another creditcards.com merchant, said that none of the 550 people on its customer list had reported illegal credit card charges.
“I put my trust in creditcards.com to have a secure system,” said Craig Tanner, CEO of the Oakland company. “Nobody told me these credit cards were stolen.”
Tanner, whose company sells hip golf clothing, said he first learned of the security breach Monday when the hacker sent him e-mail outlining the extortion attempt.
Creditcards.com has been cooperating with authorities since being contacted by the hackers, said Jean, the company spokesman.
Last year, online music retailer CD Universe was the victim of a hacker who stole about 300,000 credit card numbers and posted some of them online when an extortion fee was not paid.
The hacker, who remains at large, offered to destroy the credit card files in exchange for $100,000 and posted about 25,000 card numbers when the demand was not met.
Other companies that have recently had credit card numbers obtained by hackers include:
—SalesGate.com of Buffalo, N.Y., which learned earlier this year that hackers had stolen thousands of credit card numbers from a site it thought to be safe.
—RealNames, an Internet search service with as many as 20,000 card numbers on file, which learned of a hacker infiltration in February.
—Western Union, which shut its Web site for five days in September after a security breach allowed hackers to steal the credit or debit card numbers of more than 15,000 customers.
On the Net: