The Maine Office of the Attorney General disclosed a data breach affecting **Vaporfi.com** (and its associated platform, Directvapor.com) on **December 21, 2020**. The incident stemmed from **unauthorized access to the company’s online payment platform**, discovered on **September 23, 2020**. The breach exposed **credit and debit card information** of **10,544 individuals**, including **3 Maine residents**. While the exact method of intrusion remains undisclosed, the compromise of financial data suggests a targeted cyber intrusion aimed at exploiting payment processing vulnerabilities. The exposed information poses risks of **fraudulent transactions, identity theft, and financial losses** for affected customers. The breach underscores the critical need for robust payment system security, particularly in e-commerce platforms handling sensitive financial data. No evidence suggests broader data exfiltration beyond payment details, but the incident highlights vulnerabilities in third-party payment integrations or internal security controls.
TPRM report: https://www.rankiteo.com/company/turning-point-brands-inc.
"id": "tur1006091725",
"linkid": "turning-point-brands-inc.",
"type": "Cyber Attack",
"date": "9/2020",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': '10,544 (3 in Maine)',
                        'industry': 'Vaping/Retail',
                        'name': 'Vaporfi.com',
                        'type': 'E-commerce'},
                       {'customers_affected': '10,544 (3 in Maine)',
                        'industry': 'Vaping/Retail',
                        'name': 'Directvapor.com',
                        'type': 'E-commerce'}],
 'data_breach': {'data_exfiltration': 'Likely (unauthorized access to payment '
                                      'platform)',
                 'number_of_records_exposed': '10,544',
                 'personally_identifiable_information': 'Partial (payment card '
                                                        'details)',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['payment card data']},
 'date_detected': '2020-09-23',
 'date_publicly_disclosed': '2020-12-21',
 'description': 'The Maine Office of the Attorney General reported a data '
                'breach involving Vaporfi.com and Directvapor.com on December '
                '21, 2020. The breach was discovered on September 23, 2020, '
                'due to unauthorized access to the online payment platform, '
                'potentially affecting 3 Maine residents and a total of 10,544 '
                'individuals, exposing credit and debit card information.',
 'impact': {'data_compromised': ['credit card information',
                                 'debit card information'],
            'identity_theft_risk': 'High (payment card data exposed)',
            'payment_information_risk': 'High (credit/debit card data exposed)',
            'systems_affected': ['online payment platform']},
 'initial_access_broker': {'high_value_targets': ['payment card data']},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
                                                       'General'},
 'response': {'communication_strategy': 'Public disclosure via Maine Attorney '
                                        'General'},
 'title': 'Data Breach at Vaporfi.com and Directvapor.com',
 'type': 'Data Breach'}