The Washington State Office of the Attorney General disclosed a data breach affecting Combat Brands, LLC, stemming from a cyberattack that persisted undetected between July 1, 2015, and October 6, 2017. The incident resulted in the compromise of payment card data for 956 individuals, including 753 Washington residents. Exposed information included cardholder names, card numbers, expiration dates, and CVV codes critical details that could facilitate fraudulent transactions or identity theft. The breach highlights vulnerabilities in the company’s payment processing systems, allowing attackers prolonged access to sensitive financial data. While the exact method of infiltration (e.g., malware, phishing, or exploitation of unpatched systems) was not specified, the prolonged duration suggests a failure in detection mechanisms. The exposure of CVV codes typically used for card-not-present transactions increases the risk of unauthorized online purchases. Although no evidence of large-scale fraud was reported, the breach undermines customer trust and exposes the company to potential financial liabilities, regulatory penalties, and reputational damage. The incident underscores the need for robust payment security protocols, including encryption, tokenization, and real-time monitoring, to prevent similar compromises in the future.
TPRM report: https://www.rankiteo.com/company/combat-brands
"id": "com038090625",
"linkid": "combat-brands",
"type": "Cyber Attack",
"date": "7/2015",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 956,
'industry': 'Retail / E-commerce',
'name': 'Combat Brands, LLC',
'type': 'Private Company'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 956,
'personally_identifiable_information': ['cardholder names'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['payment card data']},
'date_publicly_disclosed': '2017-12-11',
'description': 'The Washington State Office of the Attorney General reported '
'a data breach involving Combat Brands, LLC. The breach '
'occurred between July 1, 2015, and October 6, 2017, and '
'involved a cyberattack resulting in the compromise of debit '
'and credit card data. The compromised information included '
'cardholder names, card numbers, expiration dates, and CVV '
'codes, affecting 956 individuals, including 753 Washington '
'residents.',
'impact': {'data_compromised': ['cardholder names',
'card numbers',
'expiration dates',
'CVV codes'],
'identity_theft_risk': 'High (payment card data exposed)',
'payment_information_risk': 'High (full card details including CVV '
'compromised)'},
'references': [{'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Washington State '
'Attorney General']},
'response': {'communication_strategy': 'Public disclosure via Washington '
'State Attorney General'},
'title': 'Combat Brands, LLC Data Breach (2015–2017)',
'type': 'Data Breach'}