Matt Ryan reports on a breach previously covered here last month with some updated information:
The day after an earthquake leveled Port-au-Prince, Haiti, Small Dog Electronics began collecting and matching donations to aid the relief effort. As the fundraiser got under way, a hacker accessed the company’s security system and started stealing donors’ credit card information.
“There had been some malicious code that had been inserted into one of our credit card servers,” said Ed Shepard, Small Dog’s vice president of marketing. “That code could have been inserted about a year before it (the fundraiser) happened.”
The hacker “pounced” during the fundraiser and started charging some of the cards, Shepard said. The breach compromised 1,225 cards, including those belonging to 179 Vermonters, he said, but only affected cards used through Small Dog’s online shopping cart, not at its retail stores.
Read more on the Burlington Free Press. It’s not clear when Small Dog notified customers, as the February 18 coverage by Infosecurity indicated that they had obtained a copy of a notification sent to a customer, but the new story indicates that notifications were sent on March 3.