Vitamin seller website attacked, payment cards and other info compromised

Share this article:

Anyone who made credit or debit card purchases on website between April 22 and July 17 may have had their information compromised by an attacker who forced their way into The Natural's computer system.

How many victims? Undisclosed. The Natural did not immediately return a request for the information.  

What type of personal information? Names, addresses, email addresses, phone numbers, passwords used to create accounts, credit and debit cards, expiration dates and CVV codes.

What happened? An attacker forced their way into computer system and gained access to the customer data.

What was the response? The access point used by the attacker was closed and their malware was removed. Additional security measures and procedures are being implemented. All impacted individuals are being notified, encouraged to change their passwords, and offered a free year of identity theft protection services.

Details: learned of the incident on July 15, and closed the access point used by the attacker on July 17. The attacker has not been caught. An investigation is ongoing – police have not been notified.

Quote: “The primary risk is credit card fraud and increased exposure to consumer scams, such as; phishing, web scams and social engineering,” Nick Barretta, CEO of The Natural, wrote in the notification letter.

Source:, “Sample Letter,” Aug. 12, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters



More in The Data Breach Blog

About 60K transactions possibly affected in Cape May-Lewes Ferry breach

The security of card processing systems relating to food, beverage and retail sales at the Cape May-Lewes Ferry was compromised and payment card data may be at risk.

Arkansas State University-Beebe is investigating a potential breach

Arkansas State University-Beebe is notifying students and employees of a service running on one of its servers that could pose a potential breach to the system.

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

Arizona State Retirement System notifies nearly 44,000 individuals enrolled in dental plans that two unencrypted discs containing their personal information are missing.