DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Edmund Optics hacked; customer credit card information acquired

Posted on March 15, 2012 by Dissent

On Monday, Edmund Optics issued a statement on its web site about a security breach:

On Sunday, February 26, 2012 Edmund Optics identified suspicious activity on our website and quickly determined there had been a breach of our security. Actions were taken immediately to stop the intrusion, increase security and prevent further unauthorized access to breach of our website and systems. We deeply regret any inconvenience to our customers from this incident and we will continue to make every effort to rectify this situation. Our customers are our top priority. We extend our sincere apologies and will continue to provide updates to our customers as they become available.

During our ongoing investigation, we identified certain customer accounts that we believe have been compromised. We are taking precautionary measures and sending a notification package to any customers who may potentially be impacted. The package will include a letter regarding the ongoing investigation, steps on fraud prevention and information regarding free credit monitoring services for one year paid for by Edmund Optics where available. Every customer who may be impacted will be notified directly. If you are not notified shortly, you should assume your account has not been compromised.

Edmund Optics has hired Trustwave Corporation to complete an extensive investigation of the incident. In addition, we have engaged Kroll Corporation to provide our customers with any support services they need regarding fraud prevention and credit monitoring in the event that they have been impacted by this incident.

The trust and security of our customers is of paramount concern. We continue to take the necessary steps to prevent future unauthorized access to our website and company data.

Sincerely,

Robert Edmund
CEO
Edmund Optics

Their notification to the New Hampshire Attorney General’s Office provides some additional details on the incident. They note that hackers had exploited a vulnerability in Cold Fusion 8. Between February 8 and February 26, when the breach was detected, the intruders had been able to  access customers’ personal information, including credit card information. The notification did not indicate whether it was credit card numbers or numbers plus expiration dates and/or cvv.   At the bank’s request, the company is undergoing a PCI compliance audit.   There was no indication as to how much data was stored on the server and whether only recent customers were affected or if they had retained data on older transactions.

Although not many New Hampshire residents were being notified, the firm notes that they are also notifying regulators in other states and relevant foreign entities.

The Secret Service is investigating the incident.

No related posts.

Category: Breach IncidentsBusiness SectorHackU.S.

Post navigation

← irandefence.net hacked and 2800+ accounts leaked
14 Arrested as part of a alleged £1m Phishing scam →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Multiple lawsuits filed against Doyon Ltd over April 2024 data breach and late notification
  • Chinese hackers suspected in breach of powerful DC law firm
  • Qilin Emerged as The Most Active Group, Exploiting Unpatched Fortinet Vulnerabilities
  • CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch
  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
  • Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Trump Border Czar Boasts ICE Can ‘Briefly Detain’ People Based On ‘Physical Appearance’
  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report