Cyber Incident Victim: Totally Promotional

On July 6, 2015, Totally Promotional, an Ohio-based internet seller of promotional products, received customer reports of unauthorized charges on payment cards previously used on its website. This prompted an internal investigation revealing that attackers had forcibly breached the company's systems, potentially accessing customer data between June 23 and July 10. The intrusion allowed unauthorized parties to obtain names, mailing addresses, email addresses, payment card account numbers, card expiration dates, and verification codes. Attackers implanted malware within the compromised systems during their unauthorized access period. The company did not publicly disclose the total number of affected individuals despite external inquiries. Customer notifications later confirmed the temporal scope of data exposure while emphasizing financial protections for victims.

Totally Promotional terminated the active intrusion upon detection and eliminated the attackers' access point. Security personnel removed all malware deployed during the breach and engaged external cybersecurity experts to conduct forensic analysis. The company implemented enhanced security measures following internal and external audits of its systems. All potentially impacted customers received direct notifications detailing the compromised data types and the attack timeline. Totally Promotional explicitly guaranteed zero liability for fraudulent charges stemming from the incident, assuming responsibility for financial repercussions. These corrective actions occurred alongside unspecified infrastructure hardening initiatives designed to prevent recurrence. The breach investigation concluded without public attribution of attacker identity or motive.