sb-nz logo
Story image

Animates data breach affects thousands of online customers

24 Sep 2019

New Zealand pet supplies retailer Animates has shut down its website after it was hit by a data breach, affecting 2700 customers.

The company says anyone who has purchased items from its website should keep an eye on their bank statements.

Between June 29 and September 13, an as-yet-unknown third party breached its website and may have accessed customers’ personal information and payment details.

“Through our investigation to date credit/debit card data has been targeted through the breach. Any personal information shared with us may have also been impacted by the incident. This could include your address, phone number, email address, username or password,” the company explains on its website.

The company adds that it doesn’t hold customers’ credit and debit card data on its own servers – instead it is held with banks via a secure payment gateway.

The breach seems to be caused by malicious software that infected the website and remained undetected. The company only found the breach after a security audit. Once Animates discovered the breach, it shut down the website and began an investigation.

That investigation is ongoing as it works with external security consultants, and the website remains offline as of September 24. The company also says it has notified relevant legal and privacy authorities.

"We’ve engaged third party IT security experts to investigate all possible vulnerabilities and there is a chance we may not find this who has been impacted by this incident. We are taking a proactive approach to directly notify the potential risk of all 20,000 customers that have entered personal information on our site,” a statement says.

“We take the protection of our customers' data very seriously and we are launching a new website that has passed security audits from third party security specialists. This website is due to go live in the coming days.”

The company says that customers who paid for items in physical stores; and those who used PayPal or Layby to pay for purchases online have not been affected by the breach.

“We will be emailing our customers soon to notify them the new website is live and to create a new password for their account.”

Animates suggests that customers should:

  • Monitor credit card/debit activity closely: For customers that used a credit or debit card to make a purchase during the impacted period, you should monitor your credit/debit card statements closely and report any unusual activity to your bank.
  • If the credit/debit card you used on our website does not belong to you, please take steps to bring this email to the cardholder's attention so that they can take steps to prevent potential misuse.
  • Change similar passwords across other sites. If you use the same password that you used to access Animates across other websites (such as email, social media, online banking etc); we would encourage you to reset these passwords as a precaution.
  • Keep a look out for email, telephone and text-based scams.

“We unreservedly apologise this incident has occurred. At Animates, we have always prided ourselves on providing great experiences for our customers,” the company concludes.

Animates customers who have any further questions or concerns can email privacyofficer@animates.co.nz or visit www.animates.co.nz/data-breach for more information.

Those who are concerned about their credit or debit cards should contact their bank.

Story image
IDC names Accenture APAC Leader in pro security services
Accenture was recognised as having one of the most comprehensive security advisory and security assessment offerings.More
Story image
FireEye unveils Cloudvisory: A multicloud security control centre
FireEye has announced the availability of FireEye Cloudvisory - a control centre for cloud security management across any private, public or hybrid security environment.More
Link image
Revealed: The A-Z of mobile workforce security
Ordinary office workers - now home office workers - have never been more at risk of cyber threats. Join this webcast series to hear from experts on how to best protect your business and your staff.More
Story image
Trend Micro debuts dark-web scanning solution to combat identity theft
The solution was born from growing consumer concerns in New Zealand surrounding identity theft – a whopping 78% of Kiwis report concern about being a victim of identity theft, according to Trend Micro’s latest research.More
Story image
Five wine-tasting tips that should be applied to network security
What does network visibility really mean? Much like a blind wine tasting, we need to keep an open mind and trust what data is telling us without being biased by previous results.More
Story image
VMware reveals plans to acquire Octarine, going all in for Kubernetes
VMware says once the acquisition is completed, Octarine’s integration will provide new security features for containerized applications running in Kubernetes, and will enable security capabilities as part of the fabric of the existing IT and DevOps ecosystems.More