The Vermont Office of the Attorney General disclosed a data breach affecting Jerry Baker, involving unauthorized access to its e-commerce platform (CommerceV3) between November 24, 2021, and December 14, 2022. The incident, detected on June 30, 2023, exposed sensitive customer data, including names, email addresses, billing addresses, payment card numbers, CVV codes, and expiration dates. At least one Rhode Island resident was confirmed impacted, though the full scope of affected individuals remains unclear. The breach posed significant risks, as exposed payment card details (including CVV codes) could enable fraudulent transactions or identity theft. While the exact method of unauthorized access was not specified, the prolonged exposure window (over a year) heightened vulnerabilities. The incident underscored failures in securing e-commerce infrastructure, particularly in safeguarding financial data—a high-value target for cybercriminals. No ransomware involvement was reported, but the leak of full payment card information suggests severe operational and reputational consequences for Jerry Baker, potentially eroding customer trust and triggering regulatory scrutiny under data protection laws.
TPRM report: https://www.rankiteo.com/company/americanmasterproducts
"id": "ame218082125",
"linkid": "americanmasterproducts",
"type": "Breach",
"date": "11/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least 1 (Rhode Island '
'resident)',
'industry': 'Retail / Gardening',
'name': 'Jerry Baker',
'type': 'Business (E-commerce Retailer)'},
{'industry': 'Technology / E-commerce Solutions',
'name': 'CommerceV3',
'type': 'E-commerce Platform Provider'}],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access to '
'sensitive data)',
'personally_identifiable_information': ['Names',
'Email addresses',
'Billing addresses',
'Payment card numbers',
'CVV codes',
'Expiration dates'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Payment Card Information '
'(PCI)']},
'date_publicly_disclosed': '2023-06-30',
'description': 'The Vermont Office of the Attorney General reported that '
'Jerry Baker experienced a data breach affecting personal '
'information. The breach involved unauthorized access to the '
'e-commerce platform CommerceV3 between November 24, 2021, and '
'December 14, 2022, potentially exposing customer names, email '
'addresses, billing addresses, payment card numbers, CVV '
'codes, and expiration dates. One Rhode Island resident was '
'impacted by this incident.',
'impact': {'data_compromised': ['Customer names',
'Email addresses',
'Billing addresses',
'Payment card numbers',
'CVV codes',
'Expiration dates'],
'identity_theft_risk': 'High (PII and payment card data exposed)',
'payment_information_risk': 'High (CVV codes and card numbers '
'exposed)',
'systems_affected': ['CommerceV3 e-commerce platform']},
'initial_access_broker': {'high_value_targets': ['Payment card data', 'PII']},
'references': [{'date_accessed': '2023-06-30',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Public disclosure via Vermont Office '
'of the Attorney General'},
'title': 'Jerry Baker Data Breach via CommerceV3 E-Commerce Platform',
'type': 'Data Breach'}