In January 2019, North Country Business Products, Inc. experienced a data breach caused by malware deployed across 142 of its business partner restaurants. The incident, reported by the California Office of the Attorney General on February 15, 2019, exposed sensitive customer payment data, including cardholder names, credit/debit card numbers, expiration dates, and CVV codes. The breach occurred over a three-week period (January 3–24, 2019), though the exact number of affected individuals was not disclosed. The compromised data poses significant risks of financial fraud, unauthorized transactions, and identity theft for customers whose payment details were accessed. The breach highlights vulnerabilities in the company’s cybersecurity measures, particularly in safeguarding third-party systems linked to its operations. While the full scope of the impact remains unclear, the exposure of payment card data especially CVV codes suggests a high potential for direct financial harm to affected individuals.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-144733
TPRM report: https://www.rankiteo.com/company/north-country-business-products
"id": "nor557091725",
"linkid": "north-country-business-products",
"type": "Breach",
"date": "1/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (142 business partner '
'restaurants indirectly '
'affected)',
'industry': 'Business Services / Payment Processing',
'location': 'California, USA',
'name': 'North Country Business Products, Inc.',
'type': 'Business'},
{'customers_affected': 'Unknown (customers who used '
'payment cards at these '
'locations during the breach '
'window)',
'industry': 'Hospitality / Food Services',
'name': '142 Unnamed Business Partner Restaurants',
'type': 'Business'}],
'attack_vector': 'Malware',
'data_breach': {'data_exfiltration': 'Likely (malware typically exfiltrates '
'data)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Cardholder Name '
'(linked to payment '
'cards)'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Payment Card Data (PCI)']},
'date_detected': '2019-01-24',
'date_publicly_disclosed': '2019-02-15',
'description': 'The California Office of the Attorney General reported a data '
'breach involving North Country Business Products, Inc. The '
'breach occurred between January 3, 2019, and January 24, '
'2019, and involved malware deployment at 142 business partner '
'restaurants. Customer credit and debit card information, '
'including cardholder name, credit card number, expiration '
'date, and CVV, was potentially compromised. The number of '
'individuals affected remains unknown.',
'impact': {'data_compromised': ['cardholder name',
'credit card number',
'expiration date',
'CVV'],
'identity_theft_risk': 'Potential (due to compromised PII in '
'payment card data)',
'payment_information_risk': 'High (full payment card details '
'exposed)',
'systems_affected': ["142 business partner restaurants' payment "
'systems']},
'initial_access_broker': {'data_sold_on_dark_web': 'Possible (typical for '
'payment card breaches)',
'high_value_targets': ['Payment card data from 142 '
'restaurants']},
'references': [{'date_accessed': '2019-02-15',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California Civil Code § '
'1798.82 (data breach '
'notification law)',
'Potential PCI DSS '
'non-compliance'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'law_enforcement_notified': 'Yes (reported to California Office '
'of the Attorney General)'},
'title': 'Data Breach at North Country Business Products, Inc. Affecting 142 '
'Business Partner Restaurants',
'type': 'Data Breach (Malware)'}