RubberStamps.net, Incipio notify customers of breaches

While uKnowKids had a somewhat despicable disclosure of their breach that involved shooting the messenger, here are two positive examples of breach disclosures I came across this week:

RubberStamps.net notified about 7,000 customers that its web site was compromised between November 3, 2015 and December 11, 2015. In a well-written letter, Scott Lee, the President and CEO of Superior Labels, Inc., explained that following reports from some customers of possible problems, the firm brought in experts and began investigating.

“Based on our investigation, it appears that hackers used a security vulnerability in the WordPress blogging software to gain access to our order management system from November 3, 2015 to December 11, 2015.”

The information that was possibly accessed included customers’ name, address, credit card number, and billing and shipping address.

The firm began strengthening its security, and offered complimentary services through AllClear to those affected. It also created a toll-free number for them to call with any questions.

Given that customers contacted them after placing orders, it does sound like data from this breach may have been misused, even though the firm had no direct evidence of that as of the time of their February 19th notification letter.

Also this month, Incipio, LLC notified an unspecified number of customers that malware compromised orders placed online. The compromise, which affected one of their cloud-based servers, was discovered on February 4.

“Despite our robust controls to protect you from the nefarious efforts of hackers, our investigation reveals that the unauthorized party gained access to personal information of customers who purchased product from www.incipio.com between September 26, 2015, and January 29, 2016.”

Andy Fathollahi, Chairman and CEO, explained that the information accessed likely included the customers’ name, address, phone number, email address, credit or debit card number, and the payment card’s expiration date and CVV number.

The firm was not aware of any instance of fraud arising from the incident, but offered those affected services through Kroll.

 

About the author: Dissent