Cyber Incident Victim: DrBenLynch.com
Date: Sep 2018
Location: United States of America
Summary
A commercial website focused on naturopathic research and supplements experienced a code injection attack that compromised customer payment information submitted between September 8 and October 2, 2018. The breach captured order details including names, addresses, email addresses, payment card numbers, expiration dates, and security codes. Genetic data submitted for specialized analysis remained unaffected. The website was temporarily inaccessible during remediation efforts.
Description
DrBenLynch.com, a commercial website specializing in naturopathic research and supplements, experienced a cybersecurity incident involving unauthorized access to customer payment information. Between September 8 and October 2, 2018, attackers executed a code injection attack on the website’s infrastructure, compromising the checkout process used for customer orders. The malicious code enabled the theft of sensitive payment card data, including cardholder names, billing addresses, email addresses, payment card numbers, expiration dates, and security codes (CVV). The breach did not extend to genetic data submitted for the site’s StrateGene analysis service or to other non-transactional information. The operational impact became evident when the website was temporarily inaccessible, displaying a maintenance message during the investigation period.

The company initiated incident response procedures by securing the website environment and removing the malicious code. Affected customers received direct notifications detailing the compromised data types and the specific timeframe of exposure. DrBenLynch.com also reported the breach to the offices of multiple state attorneys general in compliance with regulatory obligations. Forensic analysis confirmed the attackers exclusively targeted payment processing systems, limiting the breach’s scope to financial information submitted during online purchases. No evidence indicated misuse of stolen data prior to containment, though the notification advised customers to monitor financial statements for unauthorized activity.
