Hair care product manufacturer and e-tailer Ouidad is notifying customers that they were recently alerted to a compromise of their customer database that occurred between June 30 and July 4.
In a letter to those affected, they write:
It appears the attackers obtained or viewed information about one or more transactions you completed at Ouidad.com including your first and last name, credit card number, credit card security code and expiration date, billing address, email address, [user name, password,] and phone number.
Ouidad reset passwords for those whose passwords were involved, and has offered those affected a free one-year membership in the Equifax Credit Watch Gold with Web Detect identity theft protection monitoring program.
According to their submission to the California Attorney General’s Office, they learned of the breach on September 20, but they do not indicate in their letter who alerted them to the problem and whether the initial alert was a report of credit card fraud. In fact, their letter is totally silent on the question of whether they are aware of any fraudulent use of customer information.
Update: 559 residents of New Hampshire were also notified of this breach.