ICG America notifies customers of its companies of payment system compromise (update 2)
ICG America, which operates a family of retail and e-commerce companies that includes Amazing Clubs, Flying Noodle, MonsterBrew, Games2U, TexasIrons, and California Reds, has joined the ranks of those disclosing hacks involving customer data.
In August, ICG America was alerted by a credit card company that their payment processing system appeared to have been attacked. A security firm immediately retained to investigate found evidence of an attack that began on January 2, 2013 and continued until August 2, 2013.
According to a statement by Elena Loyola, the data were encrypted but,
The attacker installed a program on our network that created the ability to decrypt and capture payment card information from our system.
Because of the nature of the program used by the attacker, the investigation could not determine whether the attacker actually viewed or removed any information from any system.
Customer information that might have been viewed or removed included name, address, e-mail address, credit or debit card account number, expiration date, and card verification value.
No explanation was provided as to how the attackers managed to insert a program on their system, and no mention was made as to whether law enforcement had been notified of the incident.
ICG America did not offer affected consumers any free credit protection services.
You can read a copy of their consumer notification, which is available on the California Attorney General’s site. As of this morning, there is no breach alert on their web site or on the sites of the companies they operate.
Update 1: This breach resulted in notification to 6,105 Maryland residents. The total number nationwide is still unknown.
Update 2: This breach resulted in notification to 1,451 New Hampshire residents, too.