An Internet security breach has led to credit card information belonging to Sportbike Track Time customers falling into the hands of criminals and some fraudulent charges being made on those cards. According to a Sportbike Track Time spokesman, security improvements have been made to the company’s website, www.sportbiketracktime.com . Beginning March 23, 2006, several entries began appearing on Sportbike Track Time’s online forum (http://www.sttforum.com/sttforum/viewtopic.php?t=272) discussing unauthorized online purchases made with the credit cards and debit cards of Sportbike Track Time participants who had registered at www.sportbiketracktime.com . As the number of instances grew, it became clear Sportbike Track Time had a problem. The source of the problem was vulnerability in the “shopping cart” software provided by VP-ASP (a software company specializing in e-commerce solutions) to Sportbiketracktime.com, according to Monte Lutz, co-owner of Sportbike Track Time . “Some enterprising hackers from Vietnam took over — and I’m not a computer guy — a Utah company’s ISP and their servers and used that to hack into, simultaneously, several of the VP(-ASP)-driven sites. And we were one of them,” Lutz told Roadracingworld.com Tuesday. “It was only a very short window. It was only 24 hours that the hackers had access to it, but you can take a lot of stuff in 24 hours. It was March 19. Anybody who signed up (for a Sportbike Track Time event) this year before March 20 was potentially affected.” Another part of the problem was that Sportbike Track Time customers’ credit card information was being stored within the “shopping cart” system. “We no longer store any data within the system,” said Lutz. “We have no reason to keep that information. We do not store your credit card numbers. I do not want that responsibility. And the system was supposed to do it that way, but VP(-ASP) didn’t set it up that way in the first place.” Asked if his company took any additional steps to increase security of its online transactions, Lutz said, “VP(-ASP), they took immediately action (by issuing a ‘patch’), but then we bought another protection system called ‘Hacker Safe.’ Basically, (it’s) an outside security company that automatically monitors the website multiple times each day and certifies it safe. And if it’s not, they immediately let us know what vulnerability there is, any new threats and automatically. “We also sent out an e-mail to every member who could have potentially been affected. The vast majority of them said, ‘Thank for letting us know. I had a fraudulent charge. Now I know how they got the information and I can stop worrying about where it came from.’ “That’s the big thing. When somebody gets your credit card number, it’s not the fact that they got it, because every credit card now has fraud security on it, but the thing is ‘how did they get it?’ is the key. Did a waitress scoop it from you at a restaurant?” Asked how he felt about his website’s security now, Lutz said, “The system’s never been safer. I put my own credit card in there and signed up.” Including the events it puts on with new partner Fastrack Riders Association, Sportbike Track Time will host 140 events in 2006.
Internet Security Breach Affects STT Track Day Customers
Internet Security Breach Affects STT Track Day Customers
© 2006, Roadracing World Publishing, Inc.