"We were recently made aware by the payment card networks of patterns of unauthorized charges occurring on cards after they were legitimately used on Graeter's website ...
Data that may have been copied by an authorized code on the website’s checkout page includes the customer’s “first and last name, address, telephone number, fax number, payment card type, payment card number, expiration date and verification code,” the letter stated.
The code may have been present from June 28, 2018, to Dec. 17, 2018.
>> Banish the winter blues with light therapy
University of Dayton cyber security expert David Salisbury said unfortunately, this type of attack is common.
“The fact of the matter is there’s a lot of people who spend a lot of their time figuring out ways to break into websites and make money off of it, and as a consequence, somebody gets caught no matter how much you try to put in defenses,” he said.
Salisbury recommends using virtual credit card numbers, if your card issuer offers them, and report any suspicious charges immediately.
>> Homeowners: Beware cold weather scams
Graeter’s is encouraging its online customers to review account statements for any unauthorized activity and report incidents to card issuers.
The letter also states that Graeter’s is working to enhance its security with password resets and scans for malicious code.