Seattle-based pet store LuckyPet notified the California State Attorney General's office of a data breach that compromised online customer information.
How many victims? Unknown.
What type of information? Names, credit card data, including expiration dates and security codes, addresses.
What happened? Around October 12, 2015, an unknown and unauthorized party exploited a vulnerability in the third party shopping cart software in order to upload malware that intercepted customer information provided as they made purchases. Officials learned of the incident on March 16, 2016 and have been investigating the incident since.
What was the response? Infected files have since been removed and Lucky Pet is taking steps to mitigate the effects of the attack on those impacted. The firm has also been in contact with the third-party vendor compromised and has taken steps to prevent another compromise. The credit reporting agencies and the payment card networks have also been notified of the incident. Customers who spot suspicious activity are encouraged to contact local law enforcement, their state attorney general and the Federal Trade Commission (FTC).
Details? LuckyPet said it has not received any reports of actual misuse of any credit cards as a result of the incident and recommended that customers monitor their accounts for fraudulent activity.
Quote? “On behalf of LuckyPet, we regret any inconvenience this may cause you,” LuckyPet Vice-President Michael Kaplan said in a breach notice.
Source: LuckyPet breach notice