A SQL injection attack on the web server of tour operator CitySights NY recently resulted in the theft of 110,000 customers' credit card data.

"The security breach was discovered on or about October 25, when the firm’s web programmer noticed that unauthorized script had been uploaded to the server," according to DataBreaches.net. "The script appeared to have been uploaded on or about September 26, and between that date and October 19, there were a number of accesses to the customer database."

"According to the notification letter, the database contained unencrypted customer information: names, addresses, email addresses, credit card numbers, card expiration dates, and CVV2 data," the article states.

Click here to read the article at DataBreaches.net.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.