DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

A&M Provides Notice of Data Security Incident at at Annie Sez, Afaze, Mandee, Sirens and Urban Planet Stores

Posted on November 12, 2016 by Dissent

Nov. 11 – A & M (2015) LLC (“A&M”) today announced that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations between November 24, 2015 and August 23, 2016. Customers who used their credit or debit card at the Annie Sez location in Danbury, Connecticut between October 15, 2015 to August 23, 2016 or Mandee location in Bergenfield, New Jersey between October 14, 2015 and August 23, 2016 may also be affected by this incident. Customers can now safely use their credit and debit cards at Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations. This incident did not affect any purchases made on www.mandee.com.

What Happened?  A&M began investigating unusual activity after receiving reports from its credit card processor. A&M immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems. On August 11, 2016, A&M discovered suspicious files on its computer systems that indicated a potential compromise of customers’ debit and credit card data for some debit and credit cards used at Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations. On August 23, 2016, A&M determined that the files were capable of collecting credit card information and immediately removed them.

Since that time, A&M has been working with third-party forensic investigators to determine what happened and what information was affected.  The Company has confirmed that malware may have stolen data from some credit and debit cards used at U.S. Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations. The Company has removed the malware at issue to contain this incident and implemented additional procedures in an effort to prevent any further unauthorized access to customers’ debit or credit card information. This incident did not involve online debit or credit card transactions at any of these brands’ websites.

What Information Was Involved?  Through the ongoing third-party forensic investigations, A&M confirmed that malware may have stolen credit or debit card data from some credit and debit cards used at Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations between November 24, 2015 and August 23, 2016.  The information at risk as a result of this event for credit or debit cards used at all impacted locations but the Danbury, Connecticut Annie Sez location and the Bergenfield, New Jersey Mandee location includes the card number, expiration date and CVV.  The information at risk as a result of this event for those who used their credit or debit card at the Annie Sez location in Danbury, Connecticut between October 15, 2016 to August 23, 2016 and Mandee location in Bergenfield, New Jersey between October 14, 2016 and August 23, 2016 includes name, card number, expiration date and CVV. This incident did not involve customers’ Social Security numbers as this information is never collected by A&M. This incident did not involve customers’ PIN numbers, either.

What We Are Doing.  “A&M takes the security of our customers’ information extremely seriously, and we apologize for the inconvenience this incident may have caused our customers,” Eric Grundy, CEO of A & M (2015) LLC, stated. Eric Grundy, expanded, “We continue to work with third-party forensic investigators and law enforcement officials to ensure the security of our systems on behalf of our customers and would like to take this opportunity to remind customers to remain vigilant against identity theft by reviewing their financial account statements regularly and monitoring their credit reports for suspicious activity.”

For More Information.  A&M has established a dedicated assistance line for individuals seeking additional information regarding this incident. Customers can call 1-844-512-9007, 9 a.m. to 9 p.m. EDT, Monday through Friday (excluding U.S. holidays). Customers can also find information on this incident and what they can do to better protect against fraud and identity theft at www.mandee.com and www.anniesez.com.

SOURCE: A&M LLC.

To read the full release, see PRNewswire.

Category: Business SectorMalwareU.S.

Post navigation

← UK: ICO fines Historical Society £500 for data breach
Washington State Government Breached, Administrator Accounts Dumped Online →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.