Graeter’s website breach could compromise payment card details of nearly 12,000 customers

• The breach occurred after a malicious code was injected into the checkout page of the website.
• The malware may have been on the site from June 28, 2018, through December 18, 2018.

Cincinnati-based Graeter’s ice-cream has issued a notice to its customers informing that their personal and financial data might have been compromised in a data breach.

The breach occurred last year and is believed to have affected nearly 12,000 customers who made an online payment and purchased goods from the website ‘graeters.com’ in 2018.

What happened?

According to the firm, the breach occurred after a malicious code was injected into the checkout page of the website. The malware may have been on the site from June 28, 2018, through December 18, 2018.

“We do not know if the notice recipients’ card numbers were in fact compromised, but to be safe, we are notifying anyone who made a purchase during the time that the malicious code was present. We have no information about any other breaches. This breach only involved our online store graeters.com,” said Richard Graeter, Graeter’s President and CEO, LEX18 reported.

The company claims that the malware is capable of copying all the information entered by customers during the checkout process. This includes name, address, phone number, fax number, card type and number, expiration date and card verification code of an individual.

The company is encouraging all its customers to review their bank accounts for any unauthorized activity.