The Vernon Company database accessed; customers notified

Iowa-based The Vernon Company recently discovered that its system had been accessed via its vernoncompany.com web site. The breach was discovered on October 6, and the company shut down the web site until it could patch the vulnerabilities were patched. Further investigation suggested that the breach originated in Singapore, and may have occurred as early as July 2009. The company notified the FBI of the incident and notified (pdf) the New Hampshire Attorney General’s Office on October 12 that 19 New Hampshire residents were affected by the incident.

The breach may have resulted in access to customers’ names, addresses, credit or debit card numbers, and card expiration dates. The company says it has no evidence that the data have been acquired or misused, and did not offer affected customers any free credit monitoring services.

Update: 66 residents of Maryland were also notified.

About the author: Dissent