P2018-ND-034

Aesop Canada Inc.

At the end of July 2017, one of the Organization?s credit card issuers notified the Organization that it had noticed patterns of fraudulent transactions on credit cards that were used to purchase items from the Organization?s website. At the end of August 2017, the Organization discovered a web-form on its site that collected customer contact data and credit card numbers was altered to also send details to a third-party address. The skimming of this information was not authorized by the Organization. The skimming appears to be a result of an application build weakness and it is not clear how the weakness was introduced to the application. On August 31, 2017, the Organization decommissioned the infrastructure for the site to prevent further breaches. The incident occurred between June 7, 2017 and August 31, 2017.

File Type: pdf
Categories: 2018
Tags: Loss