Vitamin seller website attacked, payment cards and other info compromised

Share this article:

Anyone who made credit or debit card purchases on TheNaturalOnline.com website between April 22 and July 17 may have had their information compromised by an attacker who forced their way into The Natural's computer system.

How many victims? Undisclosed. The Natural did not immediately return a SCMagazine.com request for the information.  

What type of personal information? Names, addresses, email addresses, phone numbers, passwords used to create accounts, credit and debit cards, expiration dates and CVV codes.

What happened? An attacker forced their way into TheNaturalOnline.com computer system and gained access to the customer data.

What was the response? The access point used by the attacker was closed and their malware was removed. Additional security measures and procedures are being implemented. All impacted individuals are being notified, encouraged to change their passwords, and offered a free year of identity theft protection services.

Details: TheNaturalOnline.com learned of the incident on July 15, and closed the access point used by the attacker on July 17. The attacker has not been caught. An investigation is ongoing – police have not been notified.

Quote: “The primary risk is credit card fraud and increased exposure to consumer scams, such as; phishing, web scams and social engineering,” Nick Barretta, CEO of The Natural, wrote in the notification letter.

Source: oag.ca.gov, “Sample Letter,” Aug. 12, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Malware on Breyer Horses website for about 18 months, payment card data ...

Malware installed on the computer server hosting the Breyer Horses website may have compromised personal information for people who made purchases between March 31, 2013 and Oct. 6.

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.