P2020-ND-074

Hanna Andersson, LLC

On December 5, 2019, law enforcement informed the Organization that credit cards used on its website were available for purchase on a dark web site. The Organization investigated, and confirmed its third-party ecommerce platform, Salesforce Commerce Cloud, was infected with malware that may have scraped information entered by customers into the platform during the purchase process. The earliest potential date of compromise identified by forensic investigators is September 16, 2019, and the malware was removed on November 11, 2019.

File Type: pdf
Categories: 2020
Tags: Unauthorized disclosure