Cyber Incident Victim: ClamCase
Date: Apr 2014
Location: United States of America
Summary
Hackers infiltrated ClamCase's website, compromising customer purchase data including names, addresses, and credit card details over a multi-month period. The intrusion, distinct from Backoff PoS malware attacks, was independently discovered by the company, which removed malicious components and secured its systems. While the exact number of affected individuals remains undisclosed, impacted customers were offered identity theft insurance, consultation, and restoration services, which they had to activate themselves. The organization collaborated with third-party experts and law enforcement to address the breach, emphasizing that external investigations did not delay customer notification.
Description
In mid-2014, ClamCase, a manufacturer of keyboards and protective cases for iPads, experienced a cybersecurity breach where unidentified attackers infiltrated its systems and accessed customer payment data. The intrusion occurred between April 15 and August 6, 2014, targeting a database on the company’s website. Hackers exfiltrated purchase-related information including customer names, physical addresses, and credit card details. ClamCase confirmed the compromise was not detected through law enforcement alerts, indicating internal discovery of the incident. The company did not disclose the number of affected customers in its notifications. Forensic evidence suggested the attack methodology differed from the Backoff point-of-sale malware prevalent during that period, implying alternative intrusion vectors were exploited. By August 29, 2014, ClamCase had notified impacted individuals about the data exposure through direct communications.

ClamCase responded by removing malicious components from its infrastructure and restoring secure purchase capabilities prior to its public disclosure. The company engaged third-party cybersecurity experts and collaborated with law enforcement agencies to investigate the breach, emphasizing that no delays in customer notification resulted from these investigations. As remediation for potential identity theft risks, ClamCase offered complimentary risk mitigation services to affected customers, including identity theft insurance coverage, consultation services, and identity restoration assistance. Recipients were required to proactively activate these protective measures themselves. The company’s communications confirmed system remediation but provided no specifics regarding forensic findings about attacker origins, persistence mechanisms, or whether data exfiltration was confirmed beyond initial access.
