In June 2015, the California Office of the Attorney General disclosed a data breach at AeroGrow International, stemming from a malware infiltration on their online servers. The breach occurred between October 15, 2014, and April 27, 2015, during which cybercriminals potentially accessed sensitive credit card information, including customer names, addresses, payment card account numbers, expiration dates, and CVC/CVV numbers. The exact number of affected individuals remains unknown, raising concerns about the scale of exposure. The incident highlights vulnerabilities in AeroGrow’s cybersecurity defenses, as the malware persisted undetected for over six months, allowing prolonged unauthorized access. The compromised data primarily financial and personally identifiable information (PII) poses significant risks, including fraudulent transactions, identity theft, and reputational damage to the company. While no direct evidence of data misuse was reported, the exposure of full payment card details increases the likelihood of downstream financial crimes. The breach underscores the critical need for robust intrusion detection systems, regular security audits, and prompt incident response to mitigate such threats in e-commerce environments. Customers impacted by the breach were likely advised to monitor their financial accounts for suspicious activity, though the long-term consequences for AeroGrow’s brand trust and operational integrity remain a concern.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-56231
TPRM report: https://www.rankiteo.com/company/aerogrow
"id": "aer829082025",
"linkid": "aerogrow",
"type": "Cyber Attack",
"date": "10/2014",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Consumer Goods (Indoor Gardening)',
'location': 'United States (California)',
'name': 'AeroGrow International',
'type': 'Company'}],
'attack_vector': 'Malware',
'data_breach': {'data_exfiltration': 'Likely (malware infiltration)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['names', 'addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['payment card information',
'personally identifiable '
'information (PII)']},
'date_detected': '2015-04-27',
'date_publicly_disclosed': '2015-06-03',
'description': 'The California Office of the Attorney General reported a data '
'breach involving AeroGrow International. The breach occurred '
'between October 15, 2014, and April 27, 2015, due to malware '
'infiltrating their online servers, potentially exposing '
'credit card information including names, addresses, payment '
'card account numbers, expiration dates, and CVC/CVV numbers. '
'The number of affected individuals is unknown.',
'impact': {'data_compromised': ['names',
'addresses',
'payment card account numbers',
'expiration dates',
'CVC/CVV numbers'],
'identity_theft_risk': 'High (payment card data exposed)',
'payment_information_risk': 'High (full card details exposed)',
'systems_affected': ['online servers']},
'initial_access_broker': {'high_value_targets': ['payment card data']},
'investigation_status': 'Reported; details limited',
'post_incident_analysis': {'root_causes': ['Malware infiltration on online '
'servers']},
'references': [{'date_accessed': '2015-06-03',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California data breach '
'notification laws (e.g., '
'CCPA predecessor)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'law_enforcement_notified': 'Yes (California Office of the '
'Attorney General)'},
'title': 'AeroGrow International Data Breach (2014-2015)',
'type': 'Data Breach'}