Cyber Incident Victim: Hammer Nutrition
Date: Jan 2018
Location: United States of America
Summary
Hammer Nutrition experienced a cybersecurity breach when attackers compromised their third-party website provider's systems via malware, enabling unauthorized access to customer payment card data during online transactions. The compromised information included debit/credit card numbers, expiration dates, and validation codes. Following the discovery, the website provider collaborated with a cybersecurity firm to eliminate the malware, implemented a web application firewall, and enhanced monitoring protocols. The company transitioned to a third-party payment processor to securely handle customer payment information, affirming the website's safety for future transactions. No additional personal data beyond payment details was accessed during the incident.
Description
Hammer Nutrition experienced a cybersecurity incident involving unauthorized access to customer payment card data processed through its e-commerce platform. The breach occurred due to a compromise of systems operated by the company's third-party website provider. Attackers deployed malware on the provider's servers, enabling interception of transaction data between January and October 2018. The intrusion remained active for approximately ten months before detection and remediation. Exposed information included debit/credit card numbers, expiration dates, and three-digit validation codes (CVV/CVC) used for online purchases. No other customer data beyond payment card details was accessed during the incident. Hammer Nutrition became aware of the breach through its website provider's investigation, though the specific detection method was not disclosed in their notification. The company confirmed the attackers exclusively targeted financial transaction data processed through the compromised e-commerce infrastructure during the intrusion period.

Upon discovering the breach, Hammer Nutrition collaborated with its website provider to implement multiple security enhancements. The provider engaged a cybersecurity firm to identify and eradicate the malicious code from their systems. A web application firewall was deployed to monitor and filter incoming traffic to the platform. Hammer Nutrition migrated all payment processing to a third-party hosted provider to isolate sensitive financial data from direct website interactions. These measures allowed the company to declare its e-commerce platform fully secured for credit card transactions post-remediation. Affected customers received direct notification via mail describing the breach scope and remediation steps. The company established a dedicated phone line during business hours for customer inquiries but did not offer complimentary credit monitoring services. CEO Brian Frank issued a public apology acknowledging the breach's impact on customer trust while emphasizing ongoing investments in security infrastructure. The incident prompted organizational changes to payment processing workflows and third-party vendor oversight protocols.
