Cyber Incident Victim: The Natural Online
Date: Apr 2014
Location: United States of America
Summary
A vitamin retailer's website suffered a cyberattack that compromised customer payment card details, CVV codes, expiration dates, names, addresses, contact information, and account passwords over a multi-month intrusion period. The attacker had infiltrated the company's systems before being detected; on discovery, the company immediately closed the breach vector and removed the malware. Affected individuals received notifications advising password changes, along with offers of complimentary identity theft protection services, and the organization implemented enhanced security measures. The CEO acknowledged risks of financial fraud and targeted scams stemming from the incident. Law enforcement was not engaged, and the perpetrator remains unidentified and at large amid ongoing internal investigations.
Description
Between April 22 and July 17, 2014, an attacker compromised TheNaturalOnline.com's computer system, exposing customer payment and personal data. The breach involved unauthorized access to names, addresses, email addresses, phone numbers, account passwords, credit/debit card numbers, card expiration dates, and CVV security codes. The Natural discovered the intrusion on July 15, 2014, and closed the attacker's access point two days later, on July 17. The company did not publicly disclose the number of affected customers despite external inquiries. The attack centered on forced system entry and malware deployment, though the public notifications did not give technical specifics about the entry vector or malware type. Customer data remained exposed throughout the nearly three-month intrusion window before detection.

The Natural initiated containment by removing the attacker's malware and implementing enhanced security measures, though it did not provide specifics. All impacted customers received breach notifications advising password changes, along with one year of complimentary identity theft protection services. CEO Nick Barretta's notification letter warned victims that the primary risks stemming from the exposed data were credit card fraud, phishing attempts, web scams, and social engineering attacks. Law enforcement had not been notified as of August 12, 2014; internal investigations remained ongoing and the perpetrator was still unidentified. The company's public disclosure occurred through California's official notification registry on August 12, 2014, nearly one month after closing the breach. At the time of reporting, no evidence suggested data misuse beyond the initial compromise.
