The Vermont Office of the Attorney General disclosed a data breach affecting SeneGence (SGII), an e-commerce company, on November 21, 2024. The incident occurred on July 22, 2024, when an unknown threat actor exploited a fraudulent checkout page on the company’s platform, potentially gaining unauthorized access to customers' personal and financial information. Compromised data included names, addresses, phone numbers, and credit card details. The breach stemmed from a malicious manipulation of the e-commerce payment system, allowing attackers to intercept sensitive transaction data. While the full scope of misuse remains under investigation, the exposure of payment card information poses significant risks, including fraudulent transactions, identity theft, and financial losses for affected customers. The company has not confirmed whether the breach resulted in direct monetary theft or secondary fraud, but the compromise of credit card data alone elevates the incident’s severity. SeneGence has likely initiated remediation measures, such as notifying impacted individuals, enhancing security protocols, and collaborating with law enforcement. However, the breach underscores vulnerabilities in e-commerce payment processing, particularly against phishing or skimming attacks designed to harvest financial data during transactions.
Source: https://ago.vermont.gov/document/2024-11-21-sgii-dba-senegence-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/senegenceinternational
"id": "sen632090125",
"linkid": "senegenceinternational",
"type": "Breach",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Cosmetics / E-commerce',
'name': 'SGII (dba SeneGence)',
'type': 'Company'}],
'attack_vector': 'Fraudulent Checkout Page (E-commerce Platform)',
'data_breach': {'data_exfiltration': 'Likely (Accessed via Fraudulent '
'Checkout Page)',
'personally_identifiable_information': ['Names',
'Addresses',
'Phone Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Financial Information']},
'date_detected': '2024-11-21',
'date_publicly_disclosed': '2024-11-21',
'description': 'The Vermont Office of the Attorney General reported a data '
'breach involving SGII, doing business as (dba) SeneGence. An '
'unknown threat actor potentially accessed personal '
'information through a fraudulent checkout page on the '
'e-commerce platform, compromising names, addresses, phone '
'numbers, and credit card information.',
'impact': {'brand_reputation_impact': 'Potential Negative Impact (Data Breach '
'Disclosure)',
'data_compromised': ['Names',
'Addresses',
'Phone Numbers',
'Credit Card Information'],
'identity_theft_risk': 'High (Personal and Financial Data Exposed)',
'payment_information_risk': 'High (Credit Card Information '
'Compromised)',
'systems_affected': ['E-commerce Platform']},
'initial_access_broker': {'entry_point': 'Fraudulent Checkout Page',
'high_value_targets': ['Customer Payment Data']},
'investigation_status': 'Disclosed (Ongoing or Completed Status Unknown)',
'references': [{'date_accessed': '2024-11-21',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Public Disclosure via Vermont '
'Attorney General'},
'threat_actor': 'Unknown',
'title': 'Data Breach at SeneGence (SGII) via Fraudulent Checkout Page',
'type': 'Data Breach'}