It is unclear how many customers were affected by the incident. While it doesn’t appear that every customer who visited the website during the two month period was victimized, Edwards said, the company is notifying anyone potentially affected. It is also offering customers a year of credit monitoring and a $1 million “insurance reimbursement policy.” A Hanna Andersson spokesperson told CyberScoop the company does not know who was responsible for the breach or how many customers might be affected. Hanna Andersson has hired cybersecurity companies Coalfire and Carbon Black, along with consulting firm Charles River Associates and a team from Salesforce, to investigate the breach, the spokesperson said. The company is working with the Department of Homeland Security and FBI on the investigation.
Hanna Andersson is known for selling pajamas, some of which are themed around popular Disney movies. The breach shows that, regardless of the end product being sold, anywhere on the web that houses financial data is a potential target for criminals. Financially-motivated hacking is a thriving as criminals have successfully targeted web portals where victims enter payment data. One of the more effective ways of stealing card-payment is through a code-skimming technique, popularized by a collection of roughly a dozen criminal groups, known as Magecart. A recent study found that Magecart-style code had been planted on more than 2 million websites.
Hanna Andersson’s letter to customers did not identify any suspects who may be behind the breach.
UPDATE, 01/22/20, 7:48 a.m., EDT: This story has been updated with a statement from a Hanna Andersson spokesperson.
An October hack of medical testing company LifeLabs exposed the sensitive personal information of an estimated 15 million Canadians.The LifeLabs data breach included lab test results and national health card numbers along with personally identifiable information including names, dates of birth, home addresses and email addresses.