Tommie Copper, Inc. suffered a data breach due to malware infiltrating its website, enabling unauthorized access to customer payment information over two distinct periods: November 10, 2017, to January 5, 2018, and January 21 to January 22, 2018. The breach exposed sensitive data of approximately 2,078 California residents, including customer names, addresses, phone numbers, email addresses, and credit/debit card details. The compromised payment information poses risks of financial fraud and identity theft. Notifications to affected individuals were initiated on July 11, 2018, months after the breach was contained. The incident highlights vulnerabilities in the company’s web security, particularly in safeguarding transactional data from cyber threats like malware-based attacks.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-137818
TPRM report: https://www.rankiteo.com/company/tommie-copper
"id": "tom321091725",
"linkid": "tommie-copper",
"type": "Cyber Attack",
"date": "11/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2,078 (California residents)',
'industry': 'Retail (Apparel/Health Products)',
'location': 'California, USA',
'name': 'Tommie Copper, Inc.',
'type': 'Private Company'}],
'attack_vector': 'Malware on website',
'customer_advisories': 'Notification letters sent to affected individuals '
'(July 11, 2018)',
'data_breach': {'data_exfiltration': 'Likely (malware designed to capture '
'payment data)',
'number_of_records_exposed': '2,078 (California residents '
'only; total may be higher)',
'personally_identifiable_information': ['Names',
'Addresses',
'Phone numbers',
'Email addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information (PII)',
'Payment Information (PCI)']},
'date_publicly_disclosed': '2018-07-11',
'description': 'The California Office of the Attorney General reported that '
'Tommie Copper, Inc. experienced a data breach involving '
'unauthorized access to payment information through malware on '
'its website from November 10, 2017, to January 5, 2018, and '
'January 21 to January 22, 2018. Approximately 2,078 '
'California residents were affected, with potentially '
'compromised data including customer names, addresses, phone '
'numbers, email addresses, and credit/debit card information.',
'impact': {'data_compromised': ['Customer names',
'Addresses',
'Phone numbers',
'Email addresses',
'Credit/debit card information'],
'identity_theft_risk': 'High (payment information exposed)',
'payment_information_risk': 'High (credit/debit card information '
'exposed)',
'systems_affected': ['Website payment system']},
'initial_access_broker': {'entry_point': 'Website malware infection',
'high_value_targets': ['Payment processing system']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['California Data Breach '
'Notification Law '
'(likely)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Notification letters to affected '
'individuals (started July 11, 2018)'},
'title': 'Tommie Copper, Inc. Data Breach (2017-2018)',
'type': 'Data Breach'}