Totally Promotional attack compromises payment cards, other data
Totally Promotional, an Ohio-based internet seller of imprinted promotional products, is notifying an undisclosed number of customers that attackers forced their way into its systems and gained access to some customer payment card data and other information.
How many victims? Undisclosed. Totally Promotional did not return a SCMagazine.com request for the information.
What type of personal information? Names, mailing and email addresses, payment card account numbers, expiration dates and verification codes.
What happened? Attackers forced their way into Totally Promotional's systems and gained access to some customer payment card data and other information.
What was the response? The attack was stopped, the access point used by the attackers was closed, and the malware the attackers left behind was removed. Totally Promotional hired security experts to investigate, and the company submitted to a series of internal and external security audits. Steps were taken to strengthen and enhance security. All potentially affected individuals are being notified.
Details: Totally Promotional received calls on July 6 from customers who used their cards on the Totally Promotional website and then saw unauthorized charges on their card. Following an investigation, Totally Promotional determined that customer information may have been accessed from June 23 to July 10.
Quote: Totally Promotional has communicated “that our customers will have zero liability for any fraudulent charges arising from this breach of information,” according to a notification.
Source: doj.nh.gov, “Totally Promotional,” Aug. 17, 2015.