Menu
Browse

Cyber Incident Victim: Padlocks4Less

Date:

Aug 2015

Location:

United States of America

Summary

Frank J. Martin Company notified an undisclosed number of individuals who made purchases on the Padlocks4Less website that their personal information, including names, addresses, phone numbers, email addresses and payment card data, may have been accessed without authorization. The website was taken down, security measures were put in place, and an FBI investigation is ongoing while all potentially affected individuals are being notified; it remains unclear how the data was accessed or by whom.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 3 techniques
Threat Actors Type Location
0 actors Available to members Available to members

Description

Frank J. Martin Company notified an undisclosed number of individuals who made purchases on the Padlocks4Less website that their personal information, including names, addresses, phone numbers, email addresses and payment card data, may have been accessed without authorization. The FBI informed the company that credit card data used on the website may have been accessed without authorization. The FBI believes the information was potentially accessed between June 3 and August 26, 2015. It is unclear how the information could have been accessed and who may have accessed it. The notification letter stated that the company was not aware of any connection between this breach and cases of fraud. The incident was disclosed publicly on September 22, 2015, via a source from ago.vermont.gov.

Cyber Incident Image

In response, the Padlocks4Less website was taken down. Measures to prevent similar attempts in the future were implemented. An FBI investigation into the incident remains ongoing. All potentially affected individuals are being notified about the possible compromise. The notification outlined the types of personal information that may have been exposed. No further details about the attack vector or perpetrators have been released. The company has not reported any confirmed fraud linked to the exposed data. The timeline of potential exposure spans roughly three months in mid‑2015. The ongoing FBI investigation continues to examine the breach. The company has not disclosed the total number of individuals impacted. The notification letter emphasized the lack of known fraud connections at that time.

Sources
Sources available to members
1 source