Malley’s Chocolates

The Oregon Department of Justice disclosed a data breach targeting Malley’s Chocolates on April 7, 2022. The incident involved unauthorized access to payment card data submitted via the company’s e-commerce website between April 11, 2021, and March 2, 2022. Compromised information included customer names, contact details, credit/debit card numbers, expiration dates, and CVV codes critical data for financial fraud. The breach exposed customers to risks such as fraudulent transactions, identity theft, and phishing attacks, given the sensitivity of the stolen payment information. While the exact number of affected individuals was not specified, the exposure of full card details (including CVV) significantly elevates the potential for direct financial harm. The company likely faced reputational damage, customer distrust, and potential regulatory scrutiny due to the failure to protect payment processing systems. No ransomware was reported in the attack, but the theft of payment data aligns with financially motivated cybercrime, emphasizing vulnerabilities in e-commerce security protocols.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/26a8bcb8-a1d5-45d2-8011-1f633722eaf7.shtml

TPRM report: https://www.rankiteo.com/company/malley-s-chocolates

"id": "mal042091825",
"linkid": "malley-s-chocolates",
"type": "Breach",
"date": "4/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Food & Beverage (Confectionery)',
                        'location': 'Oregon, USA',
                        'name': 'Malley’s Chocolates',
                        'type': 'Private Company'}],
 'data_breach': {'data_exfiltration': 'Yes (unauthorized access to entered '
                                      'data)',
                 'personally_identifiable_information': 'Yes (names, contact '
                                                        'info)',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Payment card data',
                                              'Personally identifiable '
                                              'information (PII)']},
 'date_publicly_disclosed': '2022-04-07',
 'description': 'The Oregon Department of Justice reported a data breach '
                'involving Malley’s Chocolates on April 7, 2022. The breach '
                'involved unauthorized access to payment card data entered on '
                'their e-commerce website between April 11, 2021, and March 2, '
                '2022, potentially affecting customer names, contact '
                'information, credit or debit card numbers, expiration dates, '
                'and CVV codes.',
 'impact': {'data_compromised': ['Customer names',
                                 'Contact information',
                                 'Credit/debit card numbers',
                                 'Expiration dates',
                                 'CVV codes'],
            'identity_theft_risk': 'High (payment card data exposed)',
            'payment_information_risk': 'High (full card details exposed)',
            'systems_affected': ['E-commerce website']},
 'references': [{'date_accessed': '2022-04-07',
                 'source': 'Oregon Department of Justice'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported by Oregon '
                                                       'Department of Justice'},
 'title': 'Malley’s Chocolates Data Breach (2022)',
 'type': 'Data Breach'}