As submitted to the California Attorney General’s website:
Evolution Nature Corp., d/b/a The Evolution Store (“Evolution”), is writing to inform you of a data incident that may affect the security of your personal information. We are unaware of any actual or attempted misuse of your personal information but are nevertheless providing notice of this incident to you so that you may take steps to monitor your identity and accounts should you feel it is necessary to do so.
Evolution received a complaint of credit-card fraud from a customer and immediately initiated a thorough investigation, supported by a top-tier and globally recognized third-party data forensics expert, Stroz Friedberg, LLC (“Stroz”). During this investigation, on September 16, 2014, Stroz confirmed that the administrative section of Evolution’s e-commerce site was accessed by unauthorized IP addresses using administrative credentials, and that customer order information was exposed. Stroz and Evolution’s teams are working aggressively to secure the e-commerce system and ensure that customer payments are protected.
While our investigation into the matter is ongoing, we’ve identified that your name, email address, phone number, billing address, shipping address, order information, and credit/debit card data (including card number, CVV number, and expiration date) were exposed to those accessing the e- commerce site from unauthorized IP addresses.
They do not indicate when the breach first occurred. Those notified are being offered free services through AllClear ID.
Update: The notification to the New Hampshire Attorney General’s Office (pdf) provides some additional details, although not when the breach first occurred or how many have been affected. They do note that the database was accessed using administrative login credentials and that one of the changes they’ve made as a result of the breach is to change all administrative login passwords to 20-character random strings and to limit IP addresses that can access the backend.