Hacktivism a recipe for harassment
Krista Simmons of LAist explains:
Recently, two Orange County restaurants — Arc and The Broadway — were threatened with lawsuits by PETA for their serving of foie gras. The fattened goose livers have become quite the political issue amongst food lovers, chefs, and animal rights activists since they were banned last summer, and some, like chefs Noah Blom and Amar Santana of the two OC restos, decided to gift foie regardless of the law.
However, last week Hudson Valley Foie Gras‘ accounts were hacked, and the personal information of 1,200 of those who purchase foie gras was released online. Santana, who is the chef at the Broadway in Laguna Beach, was repeatedly harassed by incensed animal rights activists after his phone number was listed, along with his address and credit card information on the North American Animal Liberation Press Office website.
The story was reported previously by Carey Polis on Huffington Post. Annie Kim of the Los Angeles Times also reports on the breach and its impact. Some of the data are still available on the North American Animal Liberation web site at the time of this posting, but credit card numbers do not appear and for most individuals, it’s mostly names and email addresses.
DataBreaches.net sent an inquiry to Hudson Valley Foie Gras yesterday,but no response has been received as of the time of this posting. Paula Forbes of of Eater, however, reports that HVFG sent them a statement assuring everyone that no customers’ credit card information was compromised:
Hudson Valley Foie Gras’s website was shut down Monday and Tuesday, April 22nd and 23rd. An animal rights group took credit for the attack. Some of our customer’s names, addresses, credit card types, billed amounts and email addresses were posted on a website: www.negotiationisover.net.
We use Authorize.Net for credit card processing, which provides security for credit card transactions. It is our understanding credit cards are not compromised.
So perhaps the hacktivists meant “credit card type” when their statement referred to “credit card details” and not card numbers. It would be helpful to get a clearer statement from the breached entity as to exactly what was stored on their server as opposed to the somewhat ambiguous “it is our understanding” phrasing.