
Cyber Incident Victim: Flinn Scientific

Date: May 2014

Location: United States of America

Summary

A malware attack compromised the server hosting Flinn Scientific's online store, exposing customer names, addresses, email addresses, payment card details, verification codes, and expiration dates over a four-month period. The unauthorized access was discovered and contained, with immediate steps taken to eliminate the malware, block further intrusions, and implement enhanced security measures. Affected individuals received notifications and were offered complimentary identity theft protection and credit monitoring services for one year, while subsequent monitoring confirmed no additional data exposure after the discovery date.


Description

Flinn Scientific experienced a security breach impacting customers who made purchases on its website between May 2 and September 8, 2014. The company discovered unauthorized access to its internet store server on September 8, determining that an attacker had deployed malware to intercept customer payment card data and personal information during the four-month window. Compromised data included names, physical addresses, email addresses, payment card numbers, card verification codes, and expiration dates. The malware specifically targeted the server hosting Flinn Scientific's online storefront, enabling the attacker to capture transactional information as customers submitted it. The company did not disclose the total number of affected individuals despite external inquiries about the breach's scope.


Upon detecting the intrusion, Flinn Scientific eliminated the malware and blocked further unauthorized server access. The company implemented additional security measures designed to prevent recurrence through the specific attack vector exploited by the threat actor. All impacted customers received direct notifications about the compromise of their payment card details and personal information. As remediation, Flinn Scientific offered affected individuals a complimentary year of identity theft protection and credit monitoring services. President William Wolford stated in the notification letter that continuous monitoring confirmed no additional unauthorized data access occurred after September 8. The breach details and consumer notification template were subsequently published by the California Office of the Attorney General on October 2, 2014.
