Cyber Incident Victim: AeroGrow International
Date: Oct 2018
Location: United States of America
Summary
AeroGrow International experienced a cybersecurity incident where attackers deployed credit card scraping malware on its e-commerce platform, compromising customer payment information over several months. The breach resulted in the theft of credit card numbers, expiration dates, and security codes from transactions processed during the affected period, enabling potential fraudulent purchases. The malware operated by intercepting data entered into the website's payment forms, with the stolen information transmitted to attacker-controlled servers. This incident aligns with common web-based payment skimming tactics employed by threat actors targeting online retailers, though the specific perpetrators were not identified by the company. The organization did not disclose the total number of impacted customers.
Description
AeroGrow International, manufacturer of the AeroGarden indoor gardening system, experienced a cybersecurity incident involving unauthorized access to customer payment data. Between October 29, 2018, and March 4, 2019, attackers deployed credit card scraping malware on the company's e-commerce platform. This malware captured customers' credit card numbers, expiration dates, and card verification values (CVV) as they entered payment information during online purchases. The breach persisted undetected for over four months, exposing all transactions processed through the website during this period. AeroGrow disclosed the incident through customer notification letters in April 2019, confirming that the stolen data elements provided sufficient information for fraudulent transactions. The company did not publicly specify the number of affected customers or whether international purchasers were impacted.

The attack methodology aligned with patterns observed in other web-based payment card breaches, where threat actors exploit vulnerabilities in website shopping cart systems to inject malicious code. This code operated at the point of sale, intercepting and exfiltrating payment details before encryption, with the data transmitted to attacker-controlled servers. Security researchers noted similarities to Magecart-style attacks, though AeroGrow did not attribute the incident to any specific threat group. The breach's duration points to delayed detection, with containment measures implemented by March 4, 2019. AeroGrow's public disclosure occurred approximately one month after remediation, consistent with breach notification timelines. The incident occurred amid a broader trend of payment card compromises affecting major retailers and service providers, including British Airways, Ticketmaster, and Newegg, during the same period.
