A data breach affecting Twin America, the parent company of CitySights NY, potentially compromised an estimated 100,000 customers' personal details, including credit card numbers. According to a security breach notification letter sent to the New Hampshire attorney general, as required by that state's laws, attackers successfully exploited a Twin America Web server by using a SQL injection attack.
The letter, written by Twin America's lawyer, Theodore Augustinos, said that Twin America first suspected its systems had been breached in late October, "when a Web programmer discovered [an] unauthorized script that appears to have been uploaded to the company's Web server." The script appeared to have been actively siphoning off sensitive information from a database stored on the server for about four weeks before being discovered.

The link for this article located at Information Week is no longer available.