Well.ca security not that well, letter reveals

Share this article:

Well.ca, an online store selling health and beauty products, exposed names, addresses and credit card details for some of its customers in December, it admitted last month.

In a letter sent to customers it blamed a service provider which was illegally compromised between December 22, 2013, and January 7. Names and billing addresses, credit card numbers, expiration dates and CVV codes supplied to Well.ca during that time window may have been exposed, it said.

The firm did not reveal the number of records compromised, but said it had alerted law enforcement and credit card providers about the incident.

The Guelph, Ontario-based company did not offer the free credit protection often tendered in these situations, instead advising customers to obtain a free copy of their credit report from Equifax, and to place a fraud alert in their files with the company.

Only first-time customers who made a purchase during this time window were affected, indicating that the attacker used a vulnerability to record information as it was entered.

Share this article:
You must be a registered member of SC Magazine to post a comment.

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

Childrens' Hospital apologizes for rogue employee breach

Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.

Canadian launches $500m class action against Home Depot

A Canadian is leading a $500 million class-action lawsuit against Home Depot following its data breach in which up to 56 million US and Canadian credit cards were stolen.

Faulty UBC software exposed student financial information

Students at the University of British Columbia have been warned that their personal information may have been exposed thanks to a software bug.