Update 12/27/17

These last couple weeks have been some of the most challenging times our team has faced to date. Everyone involved has been working relentlessly to gather as much information as possible. We’ve been in communication with customers who have may have been affected by this security incident and can’t thank our community enough for all the support you’ve shown in helping us navigate through these difficult times.

Our forensic team confirmed that an attacker may have intercepted some of our customers’ payment card information between checkout and our secure credit card processor. We immediately stopped this and have taken additional security measures to protect against this from happening again.

What we are doing:

The major payment card brands have been notified of the issue so they can monitor our customers’ payment card accounts closely for potential fraudulent purchases. Letters have also been sent to the Credit Reporting agencies Equifax, Experian and Transunion.

Federal law enforcement has been notified about the issue and we will continue to work with investigators to identify the attacker.

Forensic experts have conducted a thorough investigation and review of the attack, and confirmed that our website is currently secure.

Security updates have been made as recommended by our secure merchant processor, security team and forensic experts to make our website even more secure from future malicious attacks.

Communications are being mailed or emailed (depending on location) to each individual who may have been affected.

Credit card monitoring services are being offered for individuals who may have been affected in the US and instructions to enroll will be included in the communication.

What you can do:

To be on the safe side we encourage you to check your payment card statements, and to the extent you identify questionable activity we recommend that you report such activity to your bank right away. If you do receive communication from us saying you could have been a target of this attack, please check the letter for instructions to set up credit monitoring services as an additional protective measure.

We’re sorry:

From the bottom of our hearts we truly apologize for any inconvenience this has caused. As data security issues are becoming increasingly commonplace, we know firsthand how frustrating it is to be the victim of unauthorized credit card use by third parties, especially during the Holidays. We will continue to work hard to keep our customers safe and truly appreciate the support we have received thus far.

If you have any further questions, please do not hesitate to contact us at [email protected].

Update 12/10/17

Our team has been working around the clock with our forensic experts to get to the bottom of our customers’ reports of fraud on their credit cards by 3rd parties. This process has been especially difficult since we do not store any customer financial records on our system. We have now discovered evidence indicating that an attacker intercepted some of our customers’ payment card information between checkout and our secure credit card processor. We immediately stopped this and took additional security measures to help prevent this attack from happening again.

What has been done:

The major payment card brands have been notified of the issue so they can monitor our customers’ payment card accounts closely for potentially fraudulent purchases.

Federal law enforcement has been notified about the issue and we will work with investigators to identify the attacker.

Forensic experts are conducting a thorough investigation and review of the attack.

Our next critical priority is identifying which customers’ payment cards could have been affected. As soon as the forensics experts have identified which customers were exposed to this attack we will issue those customers individual notifications. In addition we will offer to pay for credit monitoring services to further our commitment to protecting our customers. We understand the time sensitive nature of this and are continuing to work as quickly as possible.

We very much appreciate your patience in this phase of the investigation and truly apologize for the inconvenience and stress this has caused. We will continue to update this blog with new information as it becomes available.

Update 12/06/17

As you may know, we have been investigating reports of possible unauthorized activity on some of our customers’ payment cards that could have been caused by malicious 3rd parties. Our customers are our first priority. We have taken – and continue to take – this matter very seriously. We want to make sure to conduct a thorough investigation into any potential security issues, and have decided to engage an expert forensic firm. While the investigation is ongoing, we are evaluating and have been implementing additional security measures in order to further our commitment to protecting our customers’ payment card data. We are working tirelessly to understand precisely how an incident may have impacted our customers.

During this time we encourage you to consult this blog for accurate, up-to-date information and not to rely solely on social media or other sources since some of the information communicated by other parties may not be accurate.

We value your privacy and sincerely apologize for any inconvenience and stress caused while we get to the bottom of this. To be on the safe side we encourage you to check your payment card statements, and to the extent you identify questionable activity we recommend that you report such activity to your bank right away.

We will continue to update this blog with more information as our investigation develops. We understand the time sensitive nature of this and are working hard to make this process move quickly and to sure we provide as accurate information as possible.

Update 12/03/17

We have seen issues raised from our community pertaining to unauthorized credit card charges by 3rd parties. Please know that keeping customer information fully secure is our top priority. We are working to investigate this matter further. We will be following up and updating this blog post with more information as it becomes available. Thank you for your help and patience while we work to learn more.