Cyber Incident Victim: BetterBee Inc.

On March 24, 2015, BetterBee disclosed a cybersecurity incident involving unauthorized access to customer payment card information through a notification to the New Hampshire Attorney General’s Office. The breach originated from a compromise at WebSite Pipeline (WSP), BetterBee’s ecommerce hosting provider, where attackers infiltrated one of WSP’s primary computer systems. Hackers first obtained passwords belonging to WSP’s clients, including BetterBee, and subsequently used these credentials to deploy malware designed to extract payment card data from affected websites. The initial intrusion occurred on March 3, 2015, with WSP detecting and neutralizing the malicious activity seven days later on March 10. BetterBee publicly acknowledged the incident through a PDF notice on their website but did not specify whether the attackers successfully exfiltrated data or the volume of records involved.

The breach impacted an undisclosed number of WSP’s clients and their respective customers, though neither WSP nor BetterBee quantified the total affected entities or individuals. WSP’s containment actions on March 10 terminated the attackers’ access, preventing further data exfiltration after that date. BetterBee’s notification to regulatory authorities confirmed the exposure of payment card details but omitted technical specifics about the malware, attack vectors beyond credential misuse, or whether data encryption or other safeguards were bypassed. No customer-facing remediation steps, such as credit monitoring offers, were detailed in the available disclosure. The scope of compromised data across WSP’s client base remained unresolved in public reporting, with no subsequent updates clarifying the breach’s full extent or forensic findings.