The California Office of the Attorney General disclosed on April 4, 2019, that AeroGrow International, a company specializing in indoor gardening systems, suffered a data breach involving the unauthorized acquisition of payment card information. The incident occurred between October 29, 2018, and March 4, 2019, though the exact number of affected individuals remains undisclosed. The breach exposed sensitive financial data, specifically payment card details, which could lead to fraudulent transactions or identity theft for impacted customers. While the company did not confirm whether the stolen data was actively misused, the exposure of such information poses a direct risk to financial security and customer trust. The breach highlights vulnerabilities in AeroGrow’s payment processing systems, raising concerns about compliance with data protection regulations (e.g., PCI DSS). No evidence suggests broader system compromise (e.g., ransomware or large-scale data exfiltration), but the incident underscores the reputational and financial risks associated with payment card breaches. Customers affected may face unauthorized charges, while the company could incur regulatory penalties, legal liabilities, and loss of business due to eroded confidence in its security measures.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-145989
TPRM report: https://www.rankiteo.com/company/aerogrow
"id": "aer138082125",
"linkid": "aerogrow",
"type": "Breach",
"date": "10/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (potentially affected '
'between 2018-10-29 and '
'2019-03-04)',
'industry': 'Consumer Goods (Indoor Gardening '
'Products)',
'location': 'United States (California)',
'name': 'AeroGrow International',
'type': 'Company'}],
'data_breach': {'data_exfiltration': 'Yes (unauthorized acquisition)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Payment card information'},
'date_publicly_disclosed': '2019-04-04',
'description': 'The California Office of the Attorney General reported that '
'AeroGrow International experienced a data breach involving '
'unauthorized acquisition of payment card information. The '
'breach potentially affected individuals between October 29, '
'2018, and March 4, 2019. Specific details on the number of '
'individuals affected are unknown.',
'impact': {'data_compromised': ['Payment card information'],
'identity_theft_risk': 'Potential (due to payment card exposure)',
'payment_information_risk': 'High'},
'references': [{'date_accessed': '2019-04-04',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California data breach '
'notification laws (e.g., '
'CCPA precursor)'],
'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'AeroGrow International Payment Card Data Breach (2018-2019)',
'type': 'Data Breach'}