In a letter sent to customers, Carol Lim, the CEO and co-founder of Opening Ceremony, informs that a malicious piece of software has been found on the company’s website.
The recipients of the notification are being warned that the hackers who placed the malware may have gained access to sensitive information, including credit card details, Blouin Artinfo reports
“On February 16, 2012, we believe a hacker placed malicious software on our website. We discovered the malware on March 21, 2012, immediately removed it and implemented increased security controls to prevent this from happening in the future,” Lim wrote.
“Unfortunately, the hacker may have accessed the names, addresses, and credit card information of customers who purchased an item on our website during this period.”
Opening Ceremony is working with ID Experts, a company that provides prevention and response services in case of data breaches, to minimize the impact of the incident.
The retail company owns shops, a showroom, and a private label collection, which are highly appreciated worldwide. This means that the potential number of victims could be significant.
Furthermore, there are a couple of worrying aspects regarding the incident. First of all, the timeframe in which the malware, presumably a backdoor virus, was present on the website is fairly long. We can only imagine how many customers used their credit cards in the 35-day period in which the malicious element freely performed its tasks.
Secondly, the letter sent to customers is dated May 4, which gives the cybercriminals plenty of time to take advantage of the information they obtained.
Most likely, on March 21, the hackers noticed that they no longer had access to the data. They must have known that all the credit card holders would be notified in the upcoming period, which probably made them rush in emptying those bank accounts.