Osprey Packs notifying customers after breach brought to its attention by a customer
Osprey Packs will begin mailing letters to Osprey Pro customers whose personal information was compromised in a recent attack on its online Pro Deals site.
The breach, which occurred on July 9, exposed customers’ names, billing, shipping, and e-mail addresses, phone numbers, and credit card numbers with expiration dates.
Osprey Packs learned of the breach from a customer on August 7, and following a preliminary investigation, e-mailed affected customers on August 13. Their August 30 letter, a copy of which was submitted to the Vermont Attorney General’s Office, will inform customers that the attack appeared to be due to a malware compromise that snagged administrative login credentials to the site. In response, the firm changed administrative login credentials to reduce sharing of credentials, increased the complexity of passwords, cleaned their system, and then reset passwords again.
As of the time of writing, the firm noted that it had already heard from a “small number of customers” who believe attempts were made to use their card information fraudulently.
Despite some evidence of misuse, Osprey Packs is not offering affected customers any free credit monitoring services.