In a notice posted on its website late last week, R.R. Bowker said it has learned that unauthorized charges were occurring on cards after they were legitimately used on its www.myidentifiers.com website, which is responsible for issuing ISBNs.
The company said its preliminary investigation has found unauthorized code that was added to the checkout page on the MyIdentifiers site. The investigation is looking to confirm that the breach took place from May 1 through October 23. Bowker noted, though, that its investigation is ongoing, and it could not provide details about its investigation at press time. A spokesperson noted the breach was limited to the checkout page and did not affect the integrity of the ISBN registry.
On its site, Bowker further noted that: "We anticipate providing notification to any affected customers as we get further clarity about the specific time frames and orders that may have been affected.” The company also noted that they should monitor their payment card account statement for unauthorized charges.
According to its announcement Bowker said it has "disabled purchasing and title data management functionalities at www.myidentifiers.com" while it "works “to implement additional security enhancements." Until the investigation is completed, Bowker has provided alternative ways to buy ISBNs that allow customers to bypass its myidentifiers website.