Posted on Jul 5, 2015

U.S. Military Manufacturer Experiences Data Breach

Over 3,700 Customers' PII, and Credit Card Information Breached

Durham, North Carolina-based LC Industries has recently reported a security data breach, according to SC Magazine. The breach, which occurred in early June, affects a total of 3,754 customers, and affected 22 specific customers in New Hampshire, hence a public notification to the Department of Justice in the state. The breach originated from one of the retail companies' LC Industries owns, Tactical Assault Gear, based in Imperial Beach, California.

LC Industries manufactures over 2,000 products, many which are focused on serving the needs of military personnel on bases across the United States including mattresses, broomsticks, plastics, paper conversion, assembly, packaging, and kitting, and chemical light sticks. LC Industries is also a distributor with over 4,500 products in its inventory, according to the company's website, operating out of Las Vegas and Durham. The company also operates BuyLCI.com, an e-commerce site for office supplies which operates retail stores on 31 military bases in the United States.

"During the course of our investigation, we learned that the Code [malicious software code] was being used to access and acquire personal information," wrote Rick Stallings, CFO of LC Industries, in his letter to the New Hampshire DoJ. "The personal information that may have been compromised includes individual names..., credit card numbers (including security code and expiration date), email addresses, Website account usernames, and Website account passwords."

Tactical Assault Gear Scores a 'C' for IP Reputation Over the Last Month

The malware infection duration for Tactical Assault Gear's website does not grade particularly well for its IP reputation within the SecurityScorecard platform. The average malware infection duration is 2 days, which is higher than 92% of industry companies. The company receives a 'B' for DNS Health, however, it has 'A' grades for network security and endpoint security.

manufacturer data breach securityscorecard

Manufacturing and Retail Industries Rank Highest for Dridex Banking Malware

SecurityScorecard's recently published research, The Current State of Banking Malware, discovered that the manufacturing industry had the highest rate of infection (over 27%) within the Dridex banking malware through the first two quarters of 2015. Similarly, the second highest ranking infections for Driedex were found in the retail industry (at 20.7%). Dridex is known to be spread through spam campaigns that contain malicious XML attachments.

SecurityScorecard sinkholes have identified a rising threat trend for credential-based, wire-transfer bank fraud within the following malware classifications: Dridex, Bebloh, and TinyBanker. These malware classes have been located in 159 unique corporate domains and are validated by internal, SecurityScorecard threat intelligence resources— and intelligence provided by other security firms observing similar patterns.

In addition, SecurityScorecard discovered 11,952 total infections affecting 4,703 unique organizations across 55 total malware classifications. These newer strains are using the same functionality as the Zeus banking malware, but they are stealthier.



Download Full Report



Security Research in your Inbox

Thanks for siging up for the newsletter!

Our Platform

Learn How It Works

Find out how we use open source intelligence, proprietary and open data feeds, and deep machine learning systems to correlate, attribute, and prioritize risks.

Learn About the Platform

No waiting, 100% Free

Get your personalized scorecard today

Get your free scorecard and learn how you stack up across 10 categories of risk. Answer a few simple questions and we'll instantly send your score to your business email.

Get Your Free Score

Get In Touch

Thank you for contacting us!

Request a Demo

Thank you for requesting a demo!