Skip to content ↓ | Skip to navigation ↓

Roughly 1,700 Made In Oregon customers who made purchases online at are receiving letters from the company after several customers reported their credit card numbers being compromised.

The company has stated that between October and November, there was “possible unauthorized access to the website’s credit-card transaction system.”

The FBI and credit reporting companies have been notified and company has hired security and forensic experts to identify the extent of the damage and implement additional security controls.

This type of breach is becoming more common, where the business is not aware that their systems have been compromised until external indicators of a breach such as customers complaining of credit card numbers being stolen, or exfiltrated data and intellectual property is discovered on external sources.

I will be on KGW tonight at 10PM and 11PM discussing the breach and what businesses and consumers can do to protect themselves.


Tripwire University
  • Rob

    Get ID Theft protection

  • John

    Problem is that when this breach happened, they were not PCI compliant, so they did not take the necessary steps to protect customers credit cards.

    • PCI compliance is a state of mind. As Bob Russo of the PCI SSC points out, no PCI compliant entity can be breached, so any breach means they are not compliant, evn if they were certified compliant. Kafkaesque…

      • Robert

        True enough, but when you are years behind installing web security updates you practically invite hackers to steal your customers information.