Greenworks Tools

On September 17, 2020, the California Office of the Attorney General disclosed a data breach affecting Greenworks Tools, stemming from a cyber-attack that persisted between July 14, 2019, and June 30, 2020. The incident compromised payment card information of approximately 1,425 Rhode Island residents, exposing sensitive details such as cardholder names, addresses, credit card numbers, expiration dates, and CVVs.The breach resulted from unauthorized access to the company’s systems, likely through a cyber intrusion targeting payment processing infrastructure. While the exact attack vector (e.g., malware, phishing, or exploitation of vulnerabilities) was not specified, the exposure of full payment card data including CVVs poses a high risk of fraudulent transactions and financial harm to affected individuals. The prolonged duration of the breach (nearly a year) suggests potential gaps in detection or mitigation controls.Although no evidence indicated broader systemic damage (e.g., operational disruption or ransomware), the compromise of financial data aligns with attacks that directly impact customer trust and financial security, warranting significant concern for both regulatory compliance (e.g., PCI DSS) and reputational damage. The company likely faced legal and remediation costs, including notifications, credit monitoring for victims, and potential fines under state data breach laws.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-194167

TPRM report: https://www.rankiteo.com/company/greenworkstools

"id": "gre1021090725",
"linkid": "greenworkstools",
"type": "Cyber Attack",
"date": "7/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '1,425 (Rhode Island residents)',
                        'industry': 'Tools/Equipment Manufacturing',
                        'name': 'Greenworks Tools',
                        'type': 'Company'}],
 'data_breach': {'data_exfiltration': 'Likely (payment card data accessed)',
                 'number_of_records_exposed': '1,425',
                 'personally_identifiable_information': ['cardholder names',
                                                         'addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['payment card information']},
 'date_publicly_disclosed': '2020-09-17',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Greenworks Tools, where payment card '
                'information for approximately 1,425 Rhode Island residents '
                'was compromised between July 14, 2019, and June 30, 2020. '
                'Affected data includes cardholder names, addresses, credit '
                'card numbers, expiration dates, and CVVs.',
 'impact': {'data_compromised': ['cardholder names',
                                 'addresses',
                                 'credit card numbers',
                                 'expiration dates',
                                 'CVVs'],
            'identity_theft_risk': 'High (payment card data exposed)',
            'payment_information_risk': 'High (full card details exposed)'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'California Office of '
                                                       'the Attorney General'},
 'response': {'communication_strategy': 'Public disclosure via California '
                                        'Office of the Attorney General'},
 'title': 'Greenworks Tools Data Breach (2019-2020)',
 'type': 'Data Breach'}