Anyone who made credit or debit card purchases on TheNaturalOnline.com website between April 22 and July 17 may have had their information compromised by an attacker who forced their way into The Natural's computer system.
How many victims? Undisclosed. The Natural did not immediately return a SCMagazine.com request for the information.
What type of personal information? Names, addresses, email addresses, phone numbers, passwords used to create accounts, credit and debit cards, expiration dates and CVV codes.
What happened? An attacker forced their way into TheNaturalOnline.com computer system and gained access to the customer data.
What was the response? The access point used by the attacker was closed and their malware was removed. Additional security measures and procedures are being implemented. All impacted individuals are being notified, encouraged to change their passwords, and offered a free year of identity theft protection services.
Details: TheNaturalOnline.com learned of the incident on July 15, and closed the access point used by the attacker on July 17. The attacker has not been caught. An investigation is ongoing – police have not been notified.
Quote: “The primary risk is credit card fraud and increased exposure to consumer scams, such as; phishing, web scams and social engineering,” Nick Barretta, CEO of The Natural, wrote in the notification letter.
Source: oag.ca.gov, “Sample Letter,” Aug. 12, 2014.