eCommerce platform Volusion announced on Monday it has suffered from a data security incident that may have possibly exposed the personal information of some of its clients’ customers. In a press release, the Austin-headquartered company said it is now reaching out to potential victims of the breach to provide information about the incident and extend assistance.
“On or about October 8, 2019, Volusion learned that the personal information of some of the customers of our merchant clients may have been improperly exposed as a result of malware placed on Volusion's e-commerce platform,” the seller explained. “Immediately after learning this, Volusion secured the platform, removed the malware, notified the FBI, began an investigation, and engaged an independent forensic investigator and a qualified Payment Card Industry Forensic Investigator ("PFI").”
Later, at the course of the investigation, Volusion said it was able to confirm that personal information provided by some customers who made purchases on Volusion-hosted websites from September 7, 2019, to October 8, 2019 “may have been improperly exposed.”
Although no specific number of impacted individuals has been provided by the company, Michigan State University, who uses Volusion's e-commerce platform for a payment solution, revealed that “less than 300 customers” may have been potentially impacted by the incident.
“While there was no breach to Michigan State University’s networks or systems, this breach of a third-party vendor is concerning and compels us to do what we can to help those impacted by sharing this important information,” said MSU Chief Information Officer Melissa Woo. “We know that the best tool in protecting yourself from identity theft and preserving your personal information is accurate information and swift action.”
Among the personal details exposed in the breach included customers’ names, phone numbers, addresses, credit card numbers, CVVs, and card expiration dates.
To date, Woo said the University is currently looking for a new third-party payment solution for its online store.
Meanwhile, in a bid to contain the impact of the incident and provide immediate assistance to affected individuals, Volusion established a toll-free call center focused on answering questions about the incident and addressing related concerns of customers.
“Volusion deeply regrets any concern or inconvenience this issue may have caused and is taking affirmative steps based on the findings of the investigation to prevent a similar event from occurring in the future, including working with leading cybersecurity experts to enhance the security of its digital environment,” the release ended.
