- 코스피 200 기업 99.5%가 사기성 이메일 위험에 노출··· 포춘 1000 기업군과 대조적
- The best Mini LED TV I've tested isn't made by LG or TCL, and it's on sale for Black Friday
- The best Black Friday soundbar and speaker deals: Save on Bose, Sonos, Beats, and more
- You can buy Samsung's Frame TV at up to $1,300 off for Black Friday - multiple sizes in stock
- Best Black Friday gaming PC deals 2024: Live sales on prebuilt PCs, GPUs, monitors, and more
San Francisco Law Firm Investigating PupBox Data Breach
A San Francisco law firm has launched an investigation into a data breach that took place at a subsidiary of Petco Health and Wellness Company.
The breach, which occurred over a six-month period last year, resulted in the exposure of the payment card information of tens of thousands of customers of PupBox, Inc.
PupBox, which appeared on the entrepreneurial-themed reality TV show Shark Tank, sells customized puppy subscription boxes containing toys, treats, chews, and accessories handpicked according to the animal’s age and physical characteristics.
On October 2, 2020, PupBox announced that its website, PupBox.com, had been the target of a prolonged data breach affecting more than 30,000 of its subscribers.
Threat actors installed an unauthorized website plug-in that allowed personal information to be captured and shared with a third-party server between February 11, 2020, and August 9, 2020.
Data potentially exposed in the breach includes subscribers’ names, addresses, email addresses, passwords, credit card numbers, credit card expiration dates, and credit card CVV codes.
According to a security notification letter dated October 2 and signed by PupBox’ Ben Zvaifler, the company learned of the breach in September. A month later, they found out that as a result of the incident, PupBox customers may have become the victims of fraudsters.
“We are writing to inform you that on September 2, 2020, PupBox (a business unit of Petco Animal Supplies Stores, Inc.) became aware of a security incident which affected the PupBox website and may have resulted in a breach of your personal information,” reads the letter.
“On August 7, 2020, we received a notification that fraudulent activities may have occurred on credit cards that were used on the PupBox website between February 26, 2020 and July 21, 2020.”
The incident is now under investigation by class-action lawyers at Schubert Jonckheer & Kolbe LLP, who noted that PupBox waited at least a month before notifying victims after learning the full extent of the breach.
“The Schubert Firm is investigating the conduct and cybersecurity practices of PupBox and Petco in relation to the breach. Of particular concern, the malicious plug-in was active on the PupBox website for nearly six months between February 11 and August 9, 2020,” said a spokesperson for the firm.
