SECURITY UPDATE
In October of 2022, we were informed by VISA that there was a security issue on our website resulting in the fraudulent use of credit cards that affected up to 200 clients spanning a four-month period prior. We recognize the severity of this breach and respect your critical right to privacy and confidence in using our platform. Immediate and urgent actions taken have been successful in rectifying this.
A thorough PCI investigation was outsourced to a security firm who conducted a full audit on our website, the scope of which scrutinized our website’s firewall, coding, and remote access and activity logs. The findings revealed a vulnerability in our payment module that had been exploited to allow malware to record credit card information during Checkout.
We want to assure you that, as of 07 Nov, the vulnerability has been patched, and our online security has been upgraded. We have hired a dedicated company that will provide their firewall services to us ongoing, which includes 24/7 monitoring and alerting of potential malicious web activity, and to continually ensure that we are PCI-compliant.
We have been assured that the focus of the malware attack had been on credit card information specifically, and that no other critical personal data points had been targeted.
During this ordeal, many of you have reached out to us and provided personal experiences and information that have aided greatly in achieving resolution. Your collective willingness to offer support despite the exigent circumstances is humbling. To all those affected by fraudulent uses of your credit card, and all who faced the prospect of its exposure, we are abjectly and sincerely sorry.
Your privacy, security, and trust are of utmost importance to us, and its breach is regretful and something we take very seriously. We have taken the lessons learned from this experience and applied them to continue growing and serving you in the future.
Alfredo Pellegrino
President
