AeroGrow, maker of the at-home garden kit AeroGarden, has revealed that its website was infected with credit card scraping malware for more than four months.
“On March 4, 2019, AeroGrow learned that an unauthorized person may have acquired, through the use of malicious code, the payment card information that users entered into the eCommerce vendor’s payment page. Upon learning of the incident, we immediately removed the malicious code and secured the website,” the company wrote in a letter to customers.
AeroGrow explained that customers who bought something through its website between October 29, 2018 and March 4, 2019 had their credit card number, expiration date and card verification value (the security code) stolen by the malware.
The upside is AeroGrow does not collect other personal information about its customers, such as Social Security number, personal identification number (PIN), driver’s license number, or financial account information, so the only data compromised was related to the credit card.
AeroGrow didn’t say how many customers were impacted, but it is offering those affected free one year of identity protection services through Experian.
“We have informed law enforcement and will cooperate with their investigation,” the letter explained. “We have not delayed notifying you at the request of law enforcement. In addition, we have taken the appropriate steps to limit the likelihood of a recurrence, and we have engaged a third-party expert to conduct a thorough review of our security protocols.”
This is the latest malware attack on a company. Last year, Chili’s suffered a data breach that may have compromised customers’ credit card information after malware was discovered on some locations’ payment systems.
And a well-known hacker group, Magecart, a collective of different hackers attacking websites large and small, has targeted Ticketmaster, British Airways and consumer electronics giant Newegg, just to name a few within the past year, according to TechCrunch.