Some members of FabFitFun are trying to figure out the next steps for them to take following a FabFitFun data breach. FabFitFun, a company that allows consumers to become members and get customized boxes mailed to them with products, suffered a data breach as the result of formjacking, where a thief inserts a code that gathers credit card information and, in some cases, more personal information in the background while the transaction processes like normal.
According to the Office of the Vermont Attorney General, the FabFitFun technical team discovered illegally placed malicious code on the company’s website. The breach notification letter states the malicious code was placed on the “Shop” portion of the website on May 2 and taken down on May 6. FabFitFun says the data breach did not impact the “Add-Ons” and “Box Purchases” portions of the website.
Members who completed purchases between May 2 and May 6 may have had personal information exposed during the FabFitFun data breach, including names, addresses, cities, states, zip codes, phone numbers, email addresses, credit card numbers, CVV codes and card expiration dates. If members were in the process of checking out but did not complete a purchase between May 2 and May 6, they could have had their names, addresses, cities, states, zip codes, phone numbers and email addresses exposed. Fortunately, those members are not believed to have had any credit card information leaked.
After learning of the malicious code, FabFitFun took down the code and offered affected members an annual membership. Anyone who’s information was exposed in the FabFitFun data breach should contact their credit card or debit card provider and follow their recommendations. Members should monitor their credit card or debit card statements for any suspicious activity and report anything suspicious to the bank listed on the card. For fraudulent charges, members should file an ID Theft Report with the Federal Trade Commission and obtain a copy for their records in case it needs to be used with a creditor to clear fraudulent charges.
Members affected by the FabFitFun data breach can also live-chat with an Identity Theft Resource Center expert advisor, or call toll-free at 888.400.5530. They can also download the free ID Theft Help App, where they can create a customized log to track all their steps in resolving their data breach case, access ITRC advisors for a personalized action plan, resources and much more.
You might also like…