Sinclair Institute, provider of articles on sex education as well as sex toys and intimacy aids, is notifying some customers of a breach involving their web site. In a letter dated October 23, David Groves, President, writes in part:
We are writing to inform you of a recent data security incident which likely involved some of your personal information. As you made a purchase on our website, www.sinclairinstitute.com between August 3, 2014 and August 28, 2014, your credit card information may be affected.
In a companion Q&A, they write:
We were informed by our hosting partner on August 28, 2014 that login information and customer information for some of Sinclair’s customers had likely been illegally obtained. We were informed that the breach began on August 3, 2014 when certain computer files were modified without authorization so as to allow customer information to be illegally accessed. Customer information involved included login codes and passwords, customer name and address, birthday, phone number, email address and credit card information (credit card number, expiration date and CVV). We requested and obtained copies of the affected files from our hosting partner and launched an internal investigation to independently verify the nature and scope of the incident and confirm that personal information was no longer accessible. We also contacted the FBI to report the incident.
You can read the full notification letter on the web site of the Vermont Attorney General. There does not seem to be any notice on SinclairInstitute.com
So… it’s not an uncommon breach, and some customers may not be embarrassed were it known they were ordering materials or sex toys from the site, but given the nature of the site, could hackers attempt to blackmail any customers? How embarrassing might a data dump be for some of the affected customers?