Titan notifies customers of payment card compromise
Memphis-based Titan Manufacturing and Distributing has been notifying consumers that its computer system had been compromised by malware during the period of November 23, 2017 to October 25, 2018. Anyone placing an order on their site during that time might have had their shopping cart data — personal information plus card data including CVV — captured.
Although the total number of those affected during that period was not disclosed in the letter, a cover letter by their external counsel, Butler & Snow, to the Washington State Attorney General reports that 1,838 Washington residents were being notified of the breach. The same law firm also reported to the New Hampshire Attorney General’s Office that 488 New Hampshire residents were being notified.
Affected California residents were offered one year of complimentary services with LifeLock. That offer does not seem to have been to Washington State residents, however, which may highlight the importance of having strong state laws or a culture that expects more in the way of mitigation.
I’m embedding copies of notifications to both states, below, so you can see the differences between Titan’s letters to residents of two different states.
This incident seems to be part of the widespread malware attacks on Magento e-commerce sites that were reported throughout 2018.CA-Final-Letter_2