The Colorado-based AeroGrow International has notified customers of a major data breach that occurred on its website. The company which mainly sells indoor gardening products online, had an outsider compromise its website to steal payment card data.
Attackers used a malicious code to capture any card information entered by customers on its payment page. As of now, the AeroGrow website has been fixed to remove the malicious code from it.
What information was leaked?
Worth noting - AeroGrow has not disclosed any information on the number of customers affected by the breach. It has only mentioned an ongoing investigation conducted by law officials regarding the incident.
“We have informed law enforcement and will cooperate with their investigation. We have not delayed notifying you at the request of law enforcement. In addition, we have taken the appropriate steps to limit the likelihood of a recurrence, and we have engaged a third-party expert to conduct a thorough review of our security protocols,” the letter said the letter.
For all the affected customers, AeroGrow is providing one year of identity protection services for free through Experian.