[BreachExchange] BevMo Website Breach Affects Thousands Of Customers’ Credit Data
Destry Winant
destry at riskbasedsecurity.com
Thu Dec 27 08:36:32 EST 2018
https://sanfrancisco.cbslocal.com/2018/12/26/bevmo-website-breach-affects-thousands-of-customers-credit-data/
Thousands of customers’ credit card data was compromised during a data
breach of BevMo’s website, according to a notice filed to the
California Attorney General’s Office.
According to Tamara Pattison, Chief Marketing and Information Officer
for the Concord-based alcohol retailer, the amount of customers
affected by the breach is close to 15,000.
An investigation by NCR Corporation, the service provider that
operates BevMo’s website, found that an unauthorized individual gained
access to the site and installed “malicious code” on the checkout
page.
BevMo said that the code was designed to capture payment information
from any orders placed between August 2 and September 26.
The code captured customers’ names, credit or debit card numbers,
expiration dates, CVV2 codes, billing addresses, shipping addresses
and phone numbers.
BevMo said that NCR Corporation removed the code and collaborated with
a third-party forensic firm to assist in further investigation. BevMo
has also been conducting their own investigation and has been in
contact with law enforcement and credit card companies.
If you’d like more information from BevMo about the breach, Pattison
says to contact an official at (877) 565-6276.
More information about the BreachExchange
mailing list