Bear with me, folks, because this one is a bit confusing.
I am looking at an undated letter to customers that Van Dyke’s Restorers sent out, but there is no attached report or cover letter to the Vermont Attorney General’s Office that has been posted online. Vermont’s site indicates a date of August 8, but it is not clear whether that was the date of the letter or whether it was the date of the breach or when the state was notified.
In any event, Van Dyke’s Restorers explains that they learned that “over the past few months” that its unnamed website service provider had been the “victim of an Internet attack” and had customer data stolen from its database. Or maybe not. The payment information was encrypted and Van Dyke’s Restores elsewhere talks about the “potential disclosure” of the customer data.
Read the letter and see what you think. I’m not sure that this was even a reportable breach under Vermont’s statute.