Back in March, InterMedia Outdoors notified the Maine Attorney General’s Office that they had received several reports of credit card fraud after customers had placed telephone orders with InterMedia Outdoors. According to their notification, the potential breach began as early as August 2009 and was first discovered in February 2010. That report, which I had obtained under FOI, indicated that although they had not confirmed that there was a breach (and hence, any cause), they had terminated using a third-party vendor to take telephone orders.
But maybe the vendor hadn’t been the problem. In July, InterMedia Outdoors filed a second report of an unconfirmed potential security incident. In the new report, filed with the Maryland Attorney General’s Office, they report that this incident began on or about May 13 of this year and occurred during a few-week period in May. Once again, the fraudulent card activity occurred after customers placed telephone orders with InterMedia Outdoors. These telephone orders were taken at IMO’s office in Minnesota and not by any vendor.
As a result of this latest round of reports, IMO has installed a dedicated server to store and process telephone credit card orders and has been scanning their system for signs of unauthorized access.