Contents:
HRM Enterprises, Inc., the owner of the US’s largest independent hardware store, was recently the victim of a cyberattack where the credit card information of more than 40,000 clients was stolen. Based in Hartville, Ohio, HRM Enterprises, Inc. is a group of businesses that revolve around the biggest independent hardware store in the nation.
Client information for HRM was compromised by Commerce V3, the e-commerce platform provider, according to a letter sent to impacted customers on July 26. Customers who made transactions from the e-commerce websites of two HRM businesses, Hartville Hardware and Lehman’s, had their payment card information compromised.
The Office of the Maine Attorney General states that 43,092 people were affected by the breach in total so far.
The Threat Actors Had Access for Over a Year
The e-commerce platform provider for HRM, Commerce V3, informed the business of a system breach on June 8th, 2023.
Between October 24th, 2021, and December 14th, 2022, an unauthorized actor purportedly gained access to HRM’s systems and “acquired payment card information entered within the platform during that timeline.”
According to the company’s message to impacted customers, “CommerceV3 notes that it worked with the card companies to identify the payments entered during this window.”
What Information Was Stolen?
As reported by Cybernews, customers’ names, complete credit card numbers, CVV codes, and expiration dates for each purchase were among the information that might have been impacted. Emails and billing addresses are also among the sensitive data that were exposed. According to the statements given by the company, Social Security Numbers (SSNs) were not breached, since neither CommerceV3 nor HRM requires or stores SSNs for e-commerce transactions.
However, HRM advises affected clients to “remain vigilant for incidents of payment card fraud,” keep an eye on their account statements, and report any suspicious activity to the relevant financial institution or law enforcement agency. HRM has not provided credit monitoring or identity theft protection services.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.