Malware in the code of the e-commerce platform was identified and initially removed from their website.
They cannot determine which transactions were impacted.
They have been sending this notice to all of the approximately 41,000 customers who made a credit card purchase on our website during the period the malware may have existed until the day the identified malware was finally removed.
Source: https://www.databreaches.net/bombas-notifies-consumers-of-breach-going-back-to-2013/
TPRM report: https://scoringcyber.rankiteo.com/company/bombas
"id": "bom17491822",
"linkid": "bombas",
"type": "Malware",
"date": "05/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 41000,
'industry': 'Retail',
'type': 'E-commerce Platform'}],
'attack_vector': 'Web Application',
'customer_advisories': ['Notice Sent to Customers'],
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Credit Card Information']},
'description': 'Malware in the code of the e-commerce platform was identified '
'and initially removed from their website. They cannot '
'determine which transactions were impacted. They have been '
'sending this notice to all of the approximately 41,000 '
'customers who made a credit card purchase on our website '
'during the period the malware may have existed until the day '
'the identified malware was finally removed.',
'impact': {'data_compromised': ['Credit Card Information'],
'payment_information_risk': 'High',
'systems_affected': ['E-commerce Platform']},
'response': {'communication_strategy': ['Customer Notification'],
'containment_measures': ['Malware Removal']},
'title': 'Malware Infection on E-commerce Platform',
'type': 'Malware'}