As per the report, which was released on Friday, May 3, the code was found in 201 online campus stores in both the countries that include America's 176 colleges and universities as well as 21 Canada based educational institutions.
The recorded payment card data can be uploaded to the servers of the hackers or can be sold on underground cybercrime platforms.
The report added that "After looking into this attack, we learned that the attackers compromised PrismWeb, which is an e-commerce platform designed for college stores by company PrismRBS, a subsidiary of Nebraska Book Company."
However, after the IT security company, headquartered in Japan, notified the vendor about the malicious script, PrismRBS said in an official statement that they were informing all the colleges and engaging with an external IT forensic firm to investigate the incident.
"Our investigation is ongoing to determine the scope of the issue, including who and what information may have been impacted. Based on our review to date, we have determined that an unauthorized party was able to install malicious software designed to capture payment card information on some of our customers' e-commerce websites," it added.