Canada-based online retailer for health and beauty products Well.ca has suffered a security breach and loss of customers’ credit card data.
Well.ca sent an email to its customers on 19 February in which it wrote that one of its service providers was "illegally compromised" between 22 December 2013 and 7 January 2014.
Go deeper with GlobalData
Rebecca McKillican, CEO at Well.ca, said that the company lost names, billing addresses, credit card numbers, credit card expiry dates and the CVV or security codes for a "few thousand" customers.
McKillican also added that only first time customers, who made their first purchase between 22 December and 7 January, have been affected by the security breach.
During that time, an attacker exploited a vulnerability in Well.ca’s security to get access to the website and steal customers’ credit card data as they entered it for their first purchase.
The vulnerability was closed on 7 January after a routine change of security measures on Well.ca’s account.
Well.ca was informed of the vulnerability by the service provider early in February and got further confirmation of the breach during the second week of February from its credit card provider.
McKillican concluded by saying that ‘repeat’ customers have not been affected by the security breach, as long as their data is stored with a payment processor, not with Well.ca or its service providers.
Related articles:
Powered Card Solutions presents new credit card technology to prevent fraud
Kickstarter says no credit card details stolen in hacking incident
Three South Korean credit card firms suspended over data theft
