So I meant to report on this breach last week, but when I went to their web site to see if they had any notification up, I started browsing all the Japanese and Eastern Asian art, and forgot to get back to writing up the breach report. Thanks to “Russy” who sent me a reminder about this one.
It seems that the art gallery’s web site provider notified them on October 18 that unauthorized code had been code inserted that would have captured customers’ name, postal and email addresses, phone number, payment card number, expiration date, and CVV (security code).
The compromise impacted orders placed on the site between December 29, 2017 and August 16, 2018.
The gallery did not name the web site provider nor provide any statement as to why it took so long to detect the breach and whether it was the provider’s responsibility to have prevented and/or detected the breach or theirs.
You can read the entire notification template below:
2018-12-12-Ronin-Gallery-Notice-of-Data-Breach-to-Consumers