Some reefers card info has been compromised

Mar 2, 2015 13:51 GMT  ·  By

The website of Bulk Reef Supply (BRS) coral reef aquarists was hacked back in mid-2014 resulting in customer data being exposed to an unauthorized third party.

BRS is a retailer and maker of saltwater aquarium supplies. The company, founded in 2007, ranked 20 in the top of fastest growing privately held companies in Minneapolis Metro Area last year (2014).

Payment card info exposed for some customers

According to an official notification, the administrators of the website learned of an intrusion that lasted from July 30, 2014, until January 30, 2015.

The perpetrators were able to access client information ranging mostly from names and addresses to phone numbers, email addresses and passwords. However, financial information of some of the customers was also accessed by the intruders.

Immediately after learning about the incident on January 21, 2015, the company initiated an investigation led by cyber-forensics experts and stopped the breach the next day, although some corrective actions were also taken on January 30.

The delay in informing customers about the risk was on account of the investigation, which had to reveal the exact individuals that were affected and the type of information exposed.

BRS informed the FBI about the incident and a cyber security company has been contracted to perform security tests on a regular basis to lower the risk of a cyber intrusion in the future, informs a FAQ page for the incident.

Clients receive free one-year identity protection service

To protect its customers from any fraud attempt, BRS offers one year of free subscription to an identity protection service to all impacted individuals, regardless if financial information was exposed in their case or not.

In a letter to the affected individuals, BRS president Andrew Duneman offers details on how the identity protection service can be activated.

No evidence has been found that the compromised data was misused in any way, but customers are advised to monitor their accounts for suspicious activity, and if signs of fraud are identified, call the bank or the credit card company.

All BRS customers are required to change their log-in password and it is recommended to use a unique string that is not tied to any other online account.