Datapak notifies customers that malware may have been capturing their credit card information since March (Update4)
Datapak Services Corporation, an order fulfillment and payment processor based in Swanee, Georgia, recently learned that malware placed on their system on March 5 may have compromised the credit card information of customers of “several” e-commerce web sites.
In a letter dated October 3, they note that customers’ names, addresses, and card numbers with expiration dates and security codes may have been exposed. The firm does not indicate how they first became aware of the breach. Nor does it name the web sites affected.
Those affected by the incident were offered one year of free services through AllClear SECURE and AllClear PRO.
A copy of their notification letter was posted on the Vermont Attorney General’s web site, here.
Update 1: The breach also affected 468 New Hampshire residents.
Update 2: The Scotts Company LLC has reported the Datapak breach to the NH Attorney General’s Office. Presumably, their 84 NH residents are included in the 468 figure Datapak reported to NH.
Update 3: Datapak subsequently amended/updated their report to New Hampshire.
Update 4: Datapak reported that 1,948 Maryland residents were affected. And then they later reported 917. I think, but am not sure, that those are 917 additional Maryland residents. The Scotts Company reported that 409 Maryland residents were being notified of the breach.