Vitamin seller website attacked, payment cards and other info compromised

Share this article:

Anyone who made credit or debit card purchases on website between April 22 and July 17 may have had their information compromised by an attacker who forced their way into The Natural's computer system.

How many victims? Undisclosed. The Natural did not immediately return a request for the information.  

What type of personal information? Names, addresses, email addresses, phone numbers, passwords used to create accounts, credit and debit cards, expiration dates and CVV codes.

What happened? An attacker forced their way into computer system and gained access to the customer data.

What was the response? The access point used by the attacker was closed and their malware was removed. Additional security measures and procedures are being implemented. All impacted individuals are being notified, encouraged to change their passwords, and offered a free year of identity theft protection services.

Details: learned of the incident on July 15, and closed the access point used by the attacker on July 17. The attacker has not been caught. An investigation is ongoing – police have not been notified.

Quote: “The primary risk is credit card fraud and increased exposure to consumer scams, such as; phishing, web scams and social engineering,” Nick Barretta, CEO of The Natural, wrote in the notification letter.

Source:, “Sample Letter,” Aug. 12, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in The Data Breach Blog

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Tampa General Hospital breach impacts hundreds of patients

Tampa General Hospital is notifying 675 patients that their personal information may have been accessed, without authorization, by a former employee.

George Mason University travel system targeted for malware attack

The incident could have exposed the names and Social Security numbers of users, although no evidence has surfaced to suggest that's the case.