Cyber Incident Victim: AeroGrow International
Date: Oct 2014
Location: United States of America
Summary
AeroGrow International experienced a malware breach affecting its e-commerce platform, potentially compromising customer payment card details and personal information including names, addresses, account numbers, expiration dates, and CVV codes. The intrusion spanned a multi-month period during which transaction data was intercepted in transit to third-party processors, though the company confirmed it never stored card information internally. After discovering the incident, the organization eliminated the malware, notified law enforcement, and offered identity protection services to impacted individuals, while assuring customers that the website's security had been restored.
Description
AeroGrow International, Inc., a Colorado-based company operating the AeroGarden.com website, publicly disclosed a cybersecurity incident on June 2, 2015, after discovering malware affecting its customer payment systems. The company learned on May 5, 2015, that malicious software had likely compromised its online servers during a six-month period spanning October 15, 2014, to April 27, 2015. This breach potentially exposed payment card information submitted by customers during online purchases, including cardholder names, billing addresses, payment card account numbers, expiration dates, and CVV/CVC security codes. AeroGrow did not disclose the exact number of affected individuals but confirmed that all customers who made purchases within that window could have been impacted. According to company statements, the malware operated by intercepting payment data during the brief interval between customer input and encrypted forwarding to external payment processors. AeroGrow emphasized that it did not store credit card information internally at any point during transactions.

The company initiated containment measures immediately upon identifying the breach, eradicating the malware from its systems within days of the May 5 discovery. AeroGrow notified law enforcement agencies about the incident and began directly contacting all potentially affected customers by June 2, 2015, offering complimentary identity protection services to mitigate fraud risks. Internal investigations confirmed the malware's elimination and declared the AeroGarden.com platform secure for future transactions. President and CEO J. Michael Wolfe reiterated in customer notifications that the breach exclusively targeted real-time transaction data during the specified timeframe, with no historical or stored payment information accessed. No additional technical details regarding malware variants, attack vectors, or threat actors were disclosed in the public notification.
