The company recently notified its customers that it had discovered malware lurking on its payment processing page.
For reasons that aren’t yet clear, the company did not detect the malicious code for some four months. It estimates that the malware was active between October 29, 2018 and March 4, 2019.
AeroGrow has notified the FBI and enlisted a third party to assist with the forensic investigation, which is ongoing. At present, the company is unable to determine how many of its customer records were compromised.
So far, the company has confirmed that the following information was taken from impacted customers:
- Credit or debit card number
- Expiration date
- Security code
- Any personal data the customer may have used to verify processing of the payment in question
Grey Gibbs, the AeroGrow Senior VP of Finance and Accounting, issued a formal apology in the aftermath of the incident, saying, “I want to sincerely apologize for this incident and I regret any inconvenience it may have caused you. I want to assure you that we take this criminal act very seriously and have addressed it thoroughly.”
The company’s response has been generally good, and it has offered a year of free credit monitoring to all impacted customers. However, that’s small consolation to those who now have to deal with the prospect that their identities may have been stolen and that they may face fraudulent charges on their credit cards in the weeks and months ahead.
If you’re an AeroGrow customer, to be safe, report your payment card as compromised and take whatever other steps you deem necessary to protect your identity.