The Vermont Office of the Attorney General disclosed a data breach at Four Seasons Service & Sales, detected on February 15, 2024. The incident involved unauthorized code embedded on the company’s website, which captured personal information from customers who made online purchases between January 17 and February 15, 2024. The exact nature of the compromised data (e.g., payment details, names, addresses) and the number of affected individuals remain undisclosed. The breach was attributed to malicious actors exploiting a vulnerability in the website’s payment processing system, leading to potential exposure of customer information. While no ransomware was involved, the incident highlights a cyber attack targeting financial and personal data, posing risks of fraud, identity theft, or reputational harm to the company. Authorities were notified, but the full scope of the damage and mitigation steps taken by the company are not yet public.
Source: https://ago.vermont.gov/document/2024-03-11-four-seasons-service-sales-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/forseasons-sales-group
"id": "for559082025",
"linkid": "forseasons-sales-group",
"type": "Cyber Attack",
"date": "1/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (customers who made '
'purchases between 2024-01-17 '
'and 2024-02-15)',
'location': 'Vermont, USA',
'name': 'Four Seasons Service & Sales',
'type': 'Business'}],
'attack_vector': 'Unauthorized code injection (likely Magecart-style '
'skimming)',
'data_breach': {'data_exfiltration': 'Likely (captured by unauthorized code)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personal information)',
'type_of_data_compromised': ['Personal information']},
'date_detected': '2024-02-15',
'date_publicly_disclosed': '2024-03-11',
'description': 'The Vermont Office of the Attorney General reported a data '
'breach incident involving Four Seasons Service & Sales. The '
'breach was discovered on February 15, 2024, and involved '
'unauthorized code capturing personal information from '
'customers who made purchases on their website between January '
'17 and February 15, 2024. The specific number of individuals '
'affected is unknown.',
'impact': {'data_compromised': ['Personal information of customers'],
'identity_theft_risk': 'Potential (personal information exposed)',
'payment_information_risk': 'Potential (purchase-related data '
'exposed)',
'systems_affected': ['Website payment system']},
'initial_access_broker': {'high_value_targets': ['Customer payment data']},
'investigation_status': 'Disclosed; details limited',
'post_incident_analysis': {'root_causes': ['Unauthorized code injection on '
'website']},
'references': [{'date_accessed': '2024-03-11',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Public disclosure via Vermont Office '
'of the Attorney General'},
'title': 'Data Breach at Four Seasons Service & Sales',
'type': 'Data Breach'}