The website of the coffee vendor Bulletproof 360 was infected with a malware that stole customers’ financial and personal data.
The firm Bulletproof 360, Inc. manufactures coffee and tea products, and dietary supplements for upgrading mind and body. It serves customers online, as well as through stores in the United States and internationally.
The company specializing in butter-infused coffee confirmed that the attackers injected malicious code into its website stealing payment card details for months.
Bulletproof 360 Inc. revealed that from May 20 to October 19, except on October 14, crooks have stolen personal and financial information customers entered on its website.
Stolen data included bank card numbers, expiration dates, and security codes (CVV), as well as names, postal addresses, and email addresses.
The security breach was discovered mid-October, but it was publicly disclosed only on Monday to California officials, in compliance with the US state’s security breach notification laws.
“In mid-October 2017, Bulletproof identified unauthorized computer code that had been added to the software that operates the checkout page at www.bulletproof.com. When we discovered the unauthorized code, we immediately removed it and began an investigation. We have been working with leading computer security firms to examine our systems. We have also been working with law enforcement.” reads the letter sent by the company to the customers.
“Based on our investigation, we determined that the unauthorized code may have been capable of capturing information entered during the checkout process during the period from May 20, 2017 through October 13, 2017 and October 15-19, 2017. You are receiving this notice because your payment card may have been entered on the checkout page during this time period. “
Bulletproof 360 announced it is working diligently to improve the security of its systems and has vowed to prevent future similar security breach.
The company is inviting its customers to remain vigilant to the possibility of fraud by reviewing their payment card account statements for any unauthorized activity. The company said it will cover any costs associated with reimbursing fraudulent charges.
“If you incurred costs that your financial institution declined to reimburse related to fraudulent charges on a payment card you used for an online transaction with Bulletproof during the relevant time period, please contact us at the number below. We will reimburse you for any such reasonable, documented costs that your financial institution declined to pay” concludes the letter.
The company is known to consider cyber security as a pillar for its business, its CEO Dave Asprey worked at NetScaler, BlueCoat, and Trend Micro as a cloud security expert.
(Security Affairs – Data breach, BulletProof 360)
The post Bulletproof 360 website was hacked. Personal and financial data exposed appeared first on Security Affairs.