Breach, Data Security

Grill parts website experiences system intrusion, payment card breach

Florida-based Barbecue Renew – which sells grill parts through its website www.grillparts.com – is notifying an undisclosed number of individuals that their payment card data may have been compromised as a result of a series of cyber attacks on its web server.

How many victims? Undisclosed. Barbecue Renew did not immediately return a SCMagazine.com request for the information.

What type of personal information? Names, addresses, payment card numbers, expiration dates, and security codes. 

What happened? Barbecue Renew received common point of purchase (CPP) notifications informing the company of three instances of suspicious and potentially fraudulent activity originating from payment cards used on the www.grillparts.com website.

What was the response? Barbecue Renew fixed the vulnerability that was suspected of having been exploited by attackers by either removing or fixing vulnerable web pages. An investigation is ongoing. All impacted individuals are being notified, and offered a free year of identity theft protection services.

Details: From January 2014 to October 2014, cardholder data was exposed on three separate occasions for various lengths of time due to a cyber attack against Barbecue Renew's web server. Barbecue Renew received a CPP notification in October 2014 regarding at least two incidents of suspicious and potentially fraudulent activity. The vulnerability that was suspected of having been exploited by attackers was addressed by Oct. 21, 2014. Barbecue Renew received another CPP notification on Nov. 12, 2014, regarding a third instance of suspicious and potentially fraudulent activity.

Quote: “We are working with leading IT security firms, data privacy and protection attorneys, law enforcement and payment industry contacts to continue to address this incident,” according to a notification letter. “Additionally, we are devoting all necessary resources to our ongoing efforts to enhance our information security policies and procedures in light of this incident to minimize the risk of such incidents in the future.”

Source: oag.ca.gov, “Barbecue Renew Consumer Notification Sample,” Jan. 16, 2015; oag.ca.gov, “Barbecue Renew FAQs,” Jan. 16, 2015.

Related

Nexperia impacted by cyberattack

Nexperia had some of its servers confirmed to be compromised in a cyberattack last month following a report from Dutch broadcast firm RTL detailing attackers' claims of having exfiltrated hundreds of gigabytes of data from the Chinese-owned Dutch semiconductor manufacturer, according to Cybernews.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.