An undisclosed number of customers who made purchases on the Flinn Scientific website are being notified that their personal information – including payment card data – may have been compromised in a malware attack on the company's server that hosts its internet store.
How many victims? Undisclosed. Flinn Scientific did not respond to a SCMagazine.com request for the information.
What type of personal information? Names, addresses, email addresses, payment card numbers, card verification codes and expiration dates.
What happened? An attacker used malware to gain access to the Flinn Scientific server that hosts its internet store and was able to intercept the personal information.
What was the response? Steps have been taken to eliminate the malware and block any further unauthorized access to servers. Additional security measures have been implemented to specifically counter how the attacker gained access to the web server and to ensure a similar incident does not happen again. All impacted customers are being notified and offered a free year of identity theft protection and credit monitoring services.
Details: The incident was discovered on Sept. 8 and impacted customer payment cards used to make purchases on the website between May 2 and Sept. 8.
Quote: “We have been carefully monitoring our systems and confirmed that there has been no further unauthorized access to our customer's data since September 8,” William Wolford, president of Flinn Scientific, wrote in the notification.
Source: oag.ca.gov, “Flinn Scientific Template Data Breach Consumer Notification Letter,” Oct. 2, 2014.