Customers of an Oregon retailer have become victims of fraud after their financial information was exposed in a sustained data breach.
Data belonging to thousands of customers of Made in Oregon was compromised in a breach that lasted six months. Made in Oregon is a regional vendor with five stores in the Portland area.
According to the gift retailer, an unauthorized party gained access to its e-commerce site between the first week of February 2020 and the last week of August 2020.
Last week, Made in Oregon sent letters to 7,800 customers who purchased gifts from its online store during the period when the breach occurred.
Customers were warned that their name, billing address, shipping address, email address, and credit card information may have been compromised.
Made in Oregon is aware of a small number of customers who have become victims of fraud after their credit card data was exposed in the breach and is working with law enforcement to investigate the security incident.
“We think the actual number of people who had their cards used fraudulently was very, very small," company owner Verne Naito told OregonLive. "But having said that, anybody who (made a purchase) on our site was potentially compromised, which is why we immediately came forward.”
Naito said that customers who made purchases over the phone during the breach period had not been affected by the security incident.
The breach has been reported to law enforcement, and Made in Oregon have launched an internal investigation to ascertain exactly what happened and how many customers were affected. Customers have been offered complimentary credit monitoring services for a year.
Since the breach, Made in Oregon said it has "implemented additional security measures designed to prevent a recurrence of this incident."
"With consumers around the world increasing the amount of shopping they do online, attackers have naturally gone after online shoppers with sophisticated fraud campaigns," commented Brendan O'Connor, CEO and co-founder of AppOmni,"These trends are unlikely to slow down anytime soon, and I expect that we will continue to see more attacks targeting cloud applications for business and e-commerce sites for consumers.”