Ohio-based Casad Company Inc. (asi/168375), which runs the website totallypromotional.com, was the victim of a data breach in June and July, with hackers accessing the names, mailing and email addresses, and credit and debit card information for an undisclosed number of customers, according to documents posted online by the Office of the Attorney General of the New Hampshire Department of Justice. Representatives of Casad did not return a call from Counselor seeking comment on the incident.
The breach affected customers between June 23 and July 10, per an investigation by the Casad Company. Cyber-attackers forced their way into the company’s computer system, gaining access to client information and leaving malware behind. Casad Company learned of the breach on July 6, after receiving calls from customers who had used their cards on the Totally Promotional website. Customers saw unauthorized charges on their card, according to the documents.
The company subsequently hired an outside team of data security experts to investigate the breach and was then able to close the access point the attackers had used and remove the malware, the documents state. Casad then went through a series of internal and external security audits. In mid-August, Casad Company began notifying potentially affected customers via email and mail, letting them know they had zero liability for fraudulent charges and sharing steps to help them protect their personal information.
In a response posted earlier this month on the Totally Promotional Facebook page, a representative of Casad Company confirmed the breach and noted: “We are very sorry that this happened and since this has happened, we have ramped up our cyber security and are more than compliant with all current and upcoming federal regulations regarding cyber security.”