[BreachExchange] Bulletproof Coffee hacked: Customers' personal and credit card details stolen in data breach

Audrey McNeil audrey at riskbasedsecurity.com
Tue Nov 28 18:49:35 EST 2017


http://www.ibtimes.co.uk/bulletproof-coffee-hacked-customers-personal-credit-card-details-stolen-data-breach-1649162

Bulletproof Coffee, the company behind the trendy energy-boosting,
butter-infused java, said it has suffered a data breach, compromising the
personal and financial details of its customers. Bulletproof 360, creator
of the beverage touted as the secret to weight loss and mental clarity,
said it discovered "unauthorised computer code" added to the software that
operates the checkout page on its website.

The company said it launched an investigation into the unknown code and
examined its systems with the help of leading security firms. Based on its
investigation, the company said the unauthorised code may have been capable
of capturing sensitive information entered by customers during the checkout
process between 20 May and 13 October as well as from 15 October through 19
October.

Data compromised in the breach include customers' names, physical and email
addresses, payment card numbers, expiration dates and card security codes
(CVV).

The data breach was discovered mid-October and was disclosed to California
authorities on Monday, 27 November. The company did not disclose how many
people were affected by the breach.

"We take the security of our customers' personal information very
seriously, which is why we have been working with leading computer security
firms and reporting to law enforcement," Bulletproof founder and CEO Dave
Asprey said in a letter sent to affected customers. "We are working
diligently to strengthen the security of our website in order to prevent
this type of incident from happening again."

The company has advised customers to review their payment card statements
for any suspicious, unauthorised activity or transactions. It has also
offered to reimburse customers affected by fraudulent charges through their
payment cards during the affected time period should their banks refuse to
do so.

"We will reimburse you for any such reasonable, documented costs that your
financial institution declined to pay," the firm said. "We regret that this
incident occurred and apologise for any inconvenience."

IBTimes UK has reached out to Bulletproof for comment.