Hackers Release Hudson Valley Foie Gras Customer Information

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.thedailymeal.com/hackers-release-hudson-valley-foie-gras-customer-information

Whoops, looks like a couple of foie gras lovers got some unexpected
Earth Day surprises. Yesterday, it was announced that Hudson Valley
Foie Gras's website was hacked Monday and Tuesday, giving hackers
access to more than 1,200 customer names, addresses, credit card
types, purchases, and email addresses.

Animal rights activists took credit for the takedown, with the North
American Animal Liberation Press Office sending the information
toNegotiation Is Over. "We temporarily took down their website... and
online store, and uncovered name/address/phone number/credit card
details for over 1,200 customers who purchased foie gras and duck
flesh products between June 2012 and April 2013," the hackers wrote,
listing several customers' contact information and purchasing orders.

The OC Register notes that at least one chef, Laguna Beach chef Amar
Santana, has been receiving harassing calls from activists since the
information went public. "It is illegal to sell [foie gras] or
whatever, but you are telling me it is OK to blast personal
information like that online? That is more illegal than anything
else," he told the Register.

Since then Hudson Valley Foie Gras has responded to the hacking, Eater
reports, with a complete statement assuring customers that their
credit card information was not compromised. "We use Authorize.Net for
credit card processing, which provides security for credit card
transactions. It is our understanding credit cards are not
compromised. This criminal action has been reported and is being
investigated by state and federal authorities," the full statement
said.

This isn't the first time Hudson Valley Foie Gras has been targeted by
activists; most recently, the Animal Legal Defense Fund and Regal
Vegan sued the foie gras company for false advertising, as it calls
its product the "humane choice."
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.