New Zealand-based pet retailer Animates has announced a data breach that affected its 2,700 customers. The incident occurred between June 29 and September 13, 2019.
According to the breach notification, Animates has disclosed that the incident occurred due to unauthorized third-party access. This may have affected the personal and financial information of customers.
The unauthorized access was caused by malicious software which went undetected for a long time on the website. However, users’ loyalty points and stored transactions have not been affected in the breach.
What data was involved?
Investigation reveals that personal information on the website have been impacted in the incident. This could include users’ addresses, phone numbers, email addresses, usernames or passwords.
“To those customers who made purchases on-line using Layby or PayPal, your payment information has not been affected. We can confirm no purchases made in physical stores have been affected,” said the notification.
What actions have been taken?
The firm is continually performing security scans. It has also installed updates on the websites to eliminate any vulnerabilities. It has also enabled two-factor authentication and whitelisted software to mitigate unauthorized access to the website.
As a precautionary measure, it is recreating the website following which users have to create a new password for their account.