Another day, another breach. Allegedly, AeroGrow – an indoor gardening systems vendor – faced a data breach due to malware.
AeroGrow Data Breach Due To Malware Attack
As disclosed by the service, AeroGrow suffered a major data breach losing personal and financial details of customers. The vendors revealed this incident in a letter sent to their customers.
Reportedly, AeroGrow originally noticed the unauthorized access on their payment system in March 2019. Further an investigation they discovered malicious code running on their site’s payment page. As stated in their letter:
“On March 4, 2019, AeroGrow learned that an unauthorized person may have acquired, through the use of malicious code, the payment card information that users entered into the eCommerce vendor’s payment page.”
They suspect that the malicious code was running on the system for nearly four months.
“This malicious code may have been present on our website between October 29, 2018, and March 4, 2019.”
Therefore, the details submitted on the payment page were inadvertently breached by the unknown attackers. for now AeroGrow has not disclosed the exact number of customers affected by this incident.
Only Payment Card Details Breached
AeroGrow confirmed that they removed the malicious code after the investigation. However, they suspect the compromise of payment card details including card numbers, CVV/CCV and expiry dates. They do specify that other details would not have been leaked.
“Please note that none of your personal information, other than possibly your payment card information submitted to the payment page, could have been involved in this incident.”
This is because they assure no collection of personal data, such as account details, social security numbers, driver’s license numbers, and personal identification numbers.
While the investigations are still underway, AeroGrow deemed it necessary to inform their customers about the breach. They have also taken appropriate security measures to review their security protocols.