Cyber Incident Victim: Omeganet
Date:
May 2014
Location:
United States of America
Summary
Dennis East International experienced two security breaches through its third-party web host Omeganet, impacting retailers who placed orders during overlapping periods. The first incident involved phishing emails targeting customer credit card information, while the second involved a system hack compromising userIDs, credit card details, names, email addresses, billing and shipping information, and telephone numbers. Affected individuals were advised to contact credit card companies and remain vigilant but were not provided credit monitoring services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Dennis East International (DEI) experienced two cybersecurity incidents in 2014 involving its website, hosted by third-party provider Omeganet (also known as CAMEO EZ) of Georgia. The first breach occurred between June 1 and June 13, 2014, affecting an unspecified number of DEI's retail customers who placed orders through the website during this period. Omeganet alerted DEI that affected customers might have received phishing emails attempting to collect their credit card information. A separate, more severe intrusion was detected between May 28 and June 13, 2014, when Omeganet confirmed their systems had been compromised by hackers. This second breach exposed comprehensive customer data including userIDs, credit cardholder names, card numbers with expiration dates, customer names, email addresses, billing and shipping addresses, and telephone numbers. Both incidents occurred within overlapping timeframes, with the second breach encompassing a slightly broader 17-day window compared to the 13-day duration of the first phishing-related compromise.
DEI notified affected customers following Omeganet's disclosures, advising them to contact their credit card issuers and maintain vigilance against potential fraud. The company did not provide credit monitoring services to impacted individuals. DEI submitted breach notifications to the New Hampshire Attorney General's Office, making a copy publicly available through their documentation. The compromised data exposed customers to heightened risks of financial fraud and identity theft due to the comprehensive nature of the stolen payment card details and personally identifiable information. The dual incidents highlighted vulnerabilities in DEI's third-party web hosting arrangement, with both breaches being detected through Omeganet's internal monitoring rather than DEI's own systems. The response focused exclusively on consumer notification and basic fraud prevention guidance without public disclosure of technical remediation measures taken by either DEI or Omeganet.