Malware-related data breach touches 15,000 BevMo customers

The popular alcohol-seller BevMo experiences a data breach revealing 15,000 customers' credentials

BevMo customers' exposed credentials included CVVs.

BevMo, also known as Beverages & More,^[1] is an alcohol-selling company that is known worldwide. This organization started its activity in 1994 and has almost 150 stores all over the world. Sadly, the company has recently experienced a data breach which affected around 15,000 of their customers who were using the company's online services.

According to the information provided by BevMo to the California attorney general's office, a hacker injected malware in the company's website which led to the exposure of sensitive information. The malware-related code was created to steal various information related to BevMo customers which included credentials such as names, surnames, credit or debit card codes, dates of expiration, addresses, and even the three-number security codes, known as CVVs.^[2]

Affected ones are most likely to be customers who used services between August and September

The Associated Press has claimed in a report that the victims are those people who have been ordering goods from the company from August 2 to September 26 on the BevMo online website.^[3] Even though the company has taken actions and got rid of the dangerous malware from its checkout page with the help of NCR Corporation, some customers' private information is still in danger.

However, the NCR Corporation is now investigating the case further together with another firm. Recently, BevMo has been making contact with law agencies and credit card firms to put its part into this investigation. BevMo informs its customers about such risks and provides a phone number which can be used to make contact with the company and discuss all problems: (877) 565-6276.

Many companies worldwide are struggling with data breaches daily

Almost every day, experts report about a new data breach which affects numerous people worldwide. Such information exposures are putting into trouble even those organizations that have been considered to be the safest ones. Some of them appear due to the lack of protection, other breaches are launched by hackers who seek to gain benefit from users' personal details.

For example, a well-known company Glick2Gov has lately experienced a couple of data breaches in a row. In this case, crooks made an amusing amount of money – $1.7 million from selling the exposed information on the Dark Web. This hacking attempt led to the theft of around 300,000 sensitive details which were widely exposed throughout the Internet sphere and put up for selling.^[4]

Other worldwide companies, such as Google+, have been dealing with data breaches due to some security vulnerabilities related to the API^[5] or are caused because an administrator left an important server unprotected.

All these examples let us speculate that people do not pay enough attention to security requirements which causes big trouble in the future. Our recommendation would be to start thinking about your own safety also. Do not provide any unnecessary details if you are not asked to, and do not register any accounts you do not truly need. Furthermore, using strong and symbol-containing passwords plus two-factor identification also increases your online protection.^[6]