Cyber Incident Victim: Craftsman Book Company
Date: May 2014
Location: United States of America
Summary
Craftsman Book Company experienced unauthorized access to its website, compromising customer data including credit and debit card information. The breach impacted approximately 11,000 home improvement contractors and do-it-yourself purchasers, with attackers potentially using stolen payment details for fraudulent transactions such as unauthorized Starbucks card reloads and Zappos purchases. The company initially detected suspicious activity and advised password resets before confirming the broader financial data exposure.
Description
On May 27, 2014, Craftsman Book Company detected unauthorized activity on its Craftsman-book.com website, which primarily served home improvement contractors and do-it-yourself customers. The company responded within 24 hours by issuing a password change recommendation to affected users on May 28, indicating initial concerns about compromised account security. Subsequent investigation revealed the breach extended beyond basic account access, with attackers compromising credit card files containing payment information. The company identified specific fraudulent transaction patterns linked to the breach, including unauthorized $100 charges labeled as "Starbucks Card Reload" and purchases made through online retailer Zappos.com. Craftsman Book Company formally notified approximately 11,000 affected customers through physical mail and electronic communications, advising them to monitor financial accounts for suspicious activity.

The company filed a data breach notification with the California Attorney General's office, confirming the exposure of credit and debit card details that could facilitate fraudulent transactions. While the exact duration of unauthorized access wasn't disclosed, the timeline indicates attackers operated undetected until the May 27 discovery. The incident impacted customers who had purchased construction-related materials through the e-commerce platform, with financial institutions likely bearing liability for fraudulent charges under standard payment card regulations. Craftsman Book Company's response included both immediate password resets and subsequent fraud alerts, though no additional remediation measures were specified in the public notification. The breach represented a significant operational disruption for the specialty publisher, requiring coordinated customer communications and regulatory compliance actions within a three-week period between initial detection and public disclosure by June 12.
