A malware incident may have exposed some customer payment card data at Russell Stover retail stores.
The specialty food and gift retailer is reporting that an “unauthorized actor” possibly gained access to its in-store POS systems through malware beginning no earlier than Feb. 9, 2019, and ending no later than Aug. 7, 2019. Upon learning of the incident, Russell Stover says it initiated an investigation, engaged independent cybersecurity experts, and took measures to eradicate and contain the malware. Russell Stover has also notified law enforcement and regulatory authorities and is working with payment card companies.
The company believes that certain payment card data, including some consumers' first and last names, payment card numbers and expiration dates, could have been acquired. At this time, Russell Stover says it has no evidence that any information has been inappropriately used, but is providing potentially impacted customers with information on how they can protect themselves.
According to Russell Stover, there is currently no evidence that this incident impacted purchases made on its website. The retailer says it is working to further strengthen its security measures, including through enhanced employee training and improved technical measures.
More information from Russell Stover about this security incident is available here. www.russellstover.com/securityincident.