DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

How sweet it is(n’t): Chocolatier announces breach

Posted on August 30, 2019 by Dissent

Their press release:

KANSAS CITY, Mo., Aug. 30, 2019 — Russell Stover Chocolates, LLC (Russell Stover) recently became aware of a data security incident potentially affecting certain data from payment cards used for purchases at Russell Stover retail stores during a limited timeframe. It is important to note that, at this time, there is no evidence that this incident impacted purchases made on Russell Stover’s website. Russell Stover is approaching this incident with the utmost importance and providing potentially impacted individuals with information on steps they can take to protect themselves.

Russell Stover determined that an unauthorized actor had possibly gained access to its point-of-sale (POS) systems through malware at Russell Stover’s retail stores. Upon learning of the incident, Russell Stover immediately initiated an investigation, engaged leading, independent cybersecurity experts, and took measures to eradicate and contain the malware. Russell Stover has also notified the appropriate law enforcement and regulatory authorities and is working closely with the payment card companies regarding this matter.

Based on its investigation to date, Russell Stover believes that, by means of the malware, the unauthorized actor may have been able to acquire certain data from payment cards used in Russell Stover retail stores during timeframes beginning no earlier than February 9, 2019 and no later than August 7, 2019.

While Russell Stover’s investigation is ongoing, the company believes that certain payment card data, including some consumers’ first and last names, payment card numbers and expiration dates could have been acquired. At this time, Russell Stover has no evidence that any information has been inappropriately used.

Russell Stover deeply regrets that this incident occurred and for any inconvenience or concern it causes its consumers. The security and privacy of consumers’ payment card data is a top priority, and Russell Stover is working to further strengthen its security measures, including through enhanced employee training and improved technical measures.

As a best practice, it is always advisable for individuals to remain vigilant and monitor their payment card statements for suspicious charges or activity they do not recognize. If a consumer suspects an unauthorized charge, they should immediately notify the bank or financial institution that issued the payment card. Payment card network rules generally state that payment cardholders are not responsible for fraudulent charges that are timely reported. Accordingly, Russell Stover consumers, like any payment cardholder, should promptly report unauthorized charges to the bank or financial institution that issued their payment card.

More information about the incident and steps that consumers can take to help protect themselves is available at www.russellstover.com/securityincident. Russell Stover has also set up a dedicated call center for consumers at 855-896-4449 available from 6 a.m. to 8 p.m. (Pacific) Monday through Friday and 8 a.m. to 5 p.m. (Pacific) on Saturday and Sunday (exclusive of holidays). When calling in, callers should use the reference number DB14273.

Related posts:

  • Credit card data from Russell Stover breach shows up for sale on the dark web
  • MAPCO Express experiences security breach
Category: Business SectorMalwareU.S.

Post navigation

← Bulgarian lender Banka DSK fined 1M leva for data breach
Phishing scheme gains entry to Oregon Judicial Department emails →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.