Colorado-based AeroGrow International, Inc. is notifying an undisclosed number of individuals who shopped on its website – AeroGarden.com – that malware was likely used to infiltrate AeroGrow's online servers, and that payment card data may have been compromised.
How many victims? Undisclosed.
What type of personal information? Names, addresses, payment card account numbers, expiration dates, and CCV/CVV numbers.
What happened? Malware was likely used to infiltrate AeroGrow's online servers, and payment card data may have been compromised.
What was the response? The cause of the compromise was eradicated within days of AeroGrow being notified of the incident. Law enforcement has been notified. All potentially impacted individuals are being notified, and offered identity protection services.
Details: AeroGrow learned on May 5 that malware was likely used to infiltrate its online servers. Order information provided during the period of Oct. 15, 2014, to April 27 may have been acquired. The malware has been eliminated and it is safe to shop at AeroGarden.com
Quote: “We do not store, and have never stored, your credit card information on any of our systems,” J. Michael Wolfe, president and CEO of AeroGrow, wrote in a notification letter. “Any information obtained was captured by the malware in the fraction of a second between data entry and the transmission to our credit card processing company.”
Source: oag.ca.gov, “Notice to those effected,” June 2, 2015.