AeroGrow International acknowledges breach of payment data from its website

• The gardening products maker has sent letters to customers and the California Office of the Attorney General, which detailed the security incident.
• AeroGrow said that the data was leaked because of a malicious code injected by attackers on its website.

The Colorado-based AeroGrow International has notified customers of a major data breach that occurred on its website. The company which mainly sells indoor gardening products online, had an outsider compromise its website to steal payment card data.

Attackers used a malicious code to capture any card information entered by customers on its payment page. As of now, the AeroGrow website has been fixed to remove the malicious code from it.

What information was leaked?

• As per the notification letter, a malicious code was injected into the AeroGrow website from October 29, 2018, to March 4, 2019.
• The company’s vendor payment page was compromised which leaked information like the payment card number, expiration date, and CVV number.
• On the other hand, personal information such as Social Security number, personal identification number (PIN), and driver’s license number, were not reportedly leaked in the incident.

Worth noting - AeroGrow has not disclosed any information on the number of customers affected by the breach. It has only mentioned an ongoing investigation conducted by law officials regarding the incident.

“We have informed law enforcement and will cooperate with their investigation. We have not delayed notifying you at the request of law enforcement. In addition, we have taken the appropriate steps to limit the likelihood of a recurrence, and we have engaged a third-party expert to conduct a thorough review of our security protocols,” the letter said the letter.

For all the affected customers, AeroGrow is providing one year of identity protection services for free through Experian.