If you bought ice cream, chocolates or other delectables online from Graeter’s Ice Cream, check your mailbox.
The Cincinnati-based company, family operated since 1870, sent approximately 12,000 letters to customers who purchased items at graeters.com to notify them of a data breach.
“It’s just very frustrating to feel like you want to use your credit card or your debit card and you’ve got the hackers and they are trying to steal your information. It’s just very disappointing,” said Sheila Krasofsky of Centerville.
The letter, from company President Richard Graeter, states:
"We were recently made aware by the payment card networks of patterns of unauthorized charges occurring on cards after they were legitimately used on Graeter's website ...
Data that may have been copied by an authorized code on the website’s checkout page includes the customer’s “first and last name, address, telephone number, fax number, payment card type, payment card number, expiration date and verification code,” the letter stated.
The code may have been present from June 28, 2018, to Dec. 17, 2018.
University of Dayton cyber security expert David Salisbury said unfortunately, this type of attack is common.
“The fact of the matter is there’s a lot of people who spend a lot of their time figuring out ways to break into websites and make money off of it, and as a consequence, somebody gets caught no matter how much you try to put in defenses,” he said.
Salisbury recommends using virtual credit card numbers, if your card issuer offers them, and report any suspicious charges immediately.
Graeter’s is encouraging its online customers to review account statements for any unauthorized activity and report incidents to card issuers.
The letter also states that Graeter’s is working to enhance its security with password resets and scans for malicious code.