Malware infiltrated Bulletproof 360's website, stealing personal and financial information from its clients.
The company that specialises in coffee with butter added admitted that hackers had been inserting malicious code onto its website for months in order to steal credit card information.
Names, postal addresses, email addresses, bank card numbers, expiration dates, and security codes (CVV) were among the stolen information.
Bulletproof 360 declared that it is making a concerted effort to strengthen system security and promised to stop similar security breaches in the future.
Source: https://securityaffairs.com/66100/data-breach/bulletproof-360-hacked.html#google_vignette
TPRM report: https://scoringcyber.rankiteo.com/company/bulletproof360
"id": "bul21181223",
"linkid": "bulletproof360",
"type": "Data Leak",
"date": "11/2017",
"severity": "75",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Food and Beverage',
'name': 'Bulletproof 360',
'type': 'Company'}],
'attack_vector': 'Malicious code on website',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Postal addresses',
'Email addresses',
'Bank card numbers',
'Expiration dates',
'Security codes (CVV)']},
'description': "Malware infiltrated Bulletproof 360's website, stealing "
'personal and financial information from its clients. The '
'company that specialises in coffee with butter added admitted '
'that hackers had been inserting malicious code onto its '
'website for months in order to steal credit card information. '
'Names, postal addresses, email addresses, bank card numbers, '
'expiration dates, and security codes (CVV) were among the '
'stolen information. Bulletproof 360 declared that it is '
'making a concerted effort to strengthen system security and '
'promised to stop similar security breaches in the future.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': ['Names',
'Postal addresses',
'Email addresses',
'Bank card numbers',
'Expiration dates',
'Security codes (CVV)'],
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Website'},
'initial_access_broker': {'entry_point': 'Website',
'reconnaissance_period': 'Months'},
'motivation': 'Financial gain',
'post_incident_analysis': {'corrective_actions': 'Strengthening system '
'security'},
'response': {'remediation_measures': 'Strengthening system security'},
'threat_actor': 'Hackers',
'title': 'Data Breach at Bulletproof 360',
'type': 'Data Breach',
'vulnerability_exploited': 'Website vulnerability'}