Made In Oregon customers warned of data breach (update2)
Mike Benner reports on KGW:
When it comes to Oregon’s delicacies there is not much that Made In Oregon does not sell. Its warehouse in Northeast Portland is stocked with everything you can imagine.
“These shelves will be empty by December 18,” said company vice president Verne Naito. This is the busiest time of the year for internet retail. It is those customers who Naito is concerned about after getting several calls from several of them.
“We suspect we had a credit card compromised while transacting business on your website,” said Naito. Naito alerted authorities who in turn launched an investigation. It appears hackers breached the website’s credit card transaction system.
The company has alerted the 1700 customers who made purchases between mid-October and mid-November. “People have done the right thing and to our knowledge nobody lost a cent to this,” said Naito.[…]
Because there is no notification on their web site, it’s not clear whether the credit card information was captured in real time or stolen from the database while at rest. Nor do we know how the hackers were able to get in. In any event, the store has offered affected customers free credit monitoring services and is beefing up their security.
Update: The notification to the New Hampshire Attorney General’s Office was made on November 26 by NAITO Corporation, and indicated that customers’ names, billing, shipping, and e-mail addresses, and credit card information were involved. The method of the attack was still under investigation.
Update 2: 33 Maryland residents were also affected.