Cyber Incident Victim: Mohu
Date: Jun 2015
Location: United States of America
Summary
A consumer electronics company experienced a security breach where attackers compromised its website, inserted malicious code, and exfiltrated customer data including names, addresses, contact details, and full credit card information with CVV codes. Approximately 2,500 individuals were impacted, with at least one confirmed case of fraudulent credit card activity linked to the incident. The malicious code was detected and removed after nearly two months of unauthorized access. The company engaged external security consultants, enhanced its protective measures, notified affected customers, and provided complimentary credit monitoring services for one year.
Description
In June and July 2015, attackers compromised the website of Mohu, a North Carolina-based consumer electronics division of GreenWave Scientific, Inc. The breach targeted www.gomohu.com, with unauthorized access occurring between June 3 and July 28, 2015. During this period, intruders penetrated Mohu's security systems and inserted malicious code into the company's computer infrastructure. This malicious activity enabled the theft of sensitive customer data, including names, physical addresses, email addresses, telephone numbers, credit card numbers, expiration dates, and CVV security codes. Approximately 2,500 customers were affected by the data exfiltration. Mohu detected and eradicated the malicious code from its systems on July 28, 2015, marking the end of the active compromise window. Evidence of fraudulent credit card usage linked to the breach emerged publicly, with at least one Twitter user reporting unauthorized transactions. The stolen CVV codes—normally prohibited from storage under payment card industry standards—indicated potential compliance failures in Mohu's data handling practices.

Mohu initiated multiple response measures following the breach discovery. The company engaged two external security consulting firms to audit affected systems and recommend electronic security improvements, as documented in an August 10, 2015 notification to the New Hampshire Attorney General's Office. A comprehensive review of potentially compromised computer systems was conducted alongside the implementation of enhanced security protocols designed to prevent recurrence. Mohu notified all impacted customers and provided free credit monitoring services for one year. The breach timeline suggests attackers maintained persistent access for nearly eight weeks before detection. While the specific attack vector remained unspecified in disclosures, the insertion of malicious code into Mohu's systems facilitated continuous data harvesting throughout the compromise period. Financial fraud incidents tied to the stolen payment card data confirmed the operational impact on victims.
