We have informed law enforcement and will cooperate with their investigation. We have not delayed notifying you at the request of law enforcement. In addition, we have taken the appropriate steps to limit the likelihood of a recurrence, and we have engaged a third-party expert to conduct a thorough review of our security protocols.

Additionally, Gibbs said that the company would be offering one year of identity protection services to all consumers affected by the data breach.

This isn't the first time that AeroGrow has suffered a security incident. As revealed in a letter received by the New Hampshire Department of Justice, the garden system manufacturer discovered an incident in May 2015 where an unauthorized actor gained access to the company's website. In so doing, they might have obtained customers' names, addresses and payment card data.

AeroGrow's data breach notice doesn't mention who was responsible for this latest security incident. That being said, the details are reminiscent of a Magecart attack. Earlier in 2019, news emerged about how this digital crime gang had compromised hundreds of e-commerce websites via a malicious script that silently harvested personal data and payment card information as customers bought goods and services online. More than that, Magecart has a documented history of reinfecting the same websites time and time again.

To help protect against Magecart attacks, organizations should focus on improving their supply chain security. Here's a great resource to help organizations get started.