Cyber Incident Victim: Padlocks4Less
Date:
Aug 2015
Location:
United States of America
Summary
Frank J. Martin Company notified individuals who made purchases on the Padlocks4Less website that their personal information, including names, addresses, phone numbers, email addresses and payment card data, may have been accessed without authorization. The FBI informed the company that the data could have been compromised, prompting the site to be taken down and additional security measures to be implemented. An FBI investigation remains ongoing, and all potentially affected individuals are being notified, with the company stating it is unaware of any link to fraudulent activity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Frank J. Martin Company began notifying customers of the Padlocks4Less website after receiving information from the FBI that payment card data may have been accessed without authorization. The notification disclosed that an unspecified number of individuals who had made purchases on the site were potentially affected. The personal information that could have been compromised includes names, mailing addresses, telephone numbers, email addresses, and payment card details. According to the FBI, the unauthorized access is believed to have occurred sometime between June 3, 2015 and August 26, 2015. The exact method by which the data was accessed and the identity of any responsible party remain unknown based on the available information. Upon learning of the potential breach, the company took the Padlocks4Less website offline to prevent further unauthorized access. In addition to taking the site down, the company implemented additional security measures intended to hinder similar incidents in the future.

The Federal Bureau of Investigation opened an investigation into the incident and continues to examine the circumstances surrounding the alleged access. As part of the response, Frank J. Martin Company is sending notification letters to all individuals whose information may have been exposed. The notification letter includes a statement that the company is not aware of any connection between this breach and subsequent cases of fraud. The source of the disclosed information is a consumer notice published by the Vermont Attorney General’s office on September 22, 2015. No further specifics regarding the number of affected individuals, the precise nature of the security measures, or the outcome of the FBI inquiry have been made public. The incident remains documented as a potential compromise of payment card and personal data associated with the Padlocks4Less online store.
