Cyber Incident Victim: Interstitial Cystitis Network

The Interstitial Cystitis Network (ICN), a California-based organization, began notifying customers of a payment card breach on October 26, 2015, following reports from customers who discovered their payment cards had been compromised. The breach impacted ICN’s Mail Order Center website (www.icnsales.com) between April 6, 2015, and October 1, 2015. Customers who placed orders during this seven-month period potentially had their name, address, phone number, email address, and payment card information exposed, including card numbers, expiration dates, and CVV codes. ICN confirmed the compromise occurred through a third-party vendor rather than a direct breach of their own systems. The organization initiated an investigation after being alerted by affected customers, leading to the discovery that an unnamed vendor’s password had been stolen, enabling unauthorized access to payment data.

In response to the breach, ICN reset all passwords associated with their systems to prevent further unauthorized access. Jill Osborne, ICN’s President and Founder, acknowledged the violation in a customer notification letter, emphasizing that the attackers targeted a website serving vulnerable patients dealing with pain and distress. Osborne disclosed that her personal credit card was also compromised during the incident, expressing solidarity with affected customers and apologizing for the inconvenience. The organization directed customers with questions or concerns to contact Osborne directly via phone, providing her personal contact number as a point of accountability. No evidence suggested data misuse beyond the initial card compromises, and ICN’s internal systems retained integrity throughout the incident.