The Evolution Store recently sent an updated notification letter to those affected by their previously disclosed e-commerce breach.
In their updated notification, William Stevens, President of The Evolution Store, writes that forensic investigation confirmed that unauthorized IP addresses first accessed the e-commerce site on March 2, 2014, and that the last date of unauthorized access was August 19, 2014. Only online purchases were affected.
While our investigation into the matter is ongoing, we have determined that this incident may have resulted in unauthorized access to your name, email address, phone number, billing address, shipping address, order information, user name, and credit/debit card data (including card number, CVV number, and expiration date).
You can access a template of the updated notification letter on the Vermont Attorney General’s web site.