BevMo malware
  • 15000 BevMo e-commerce customers had their billing data stolen by a piece of malware code in the checkout page.
  • BevMo reported the incident to the California attorney general’s office and credit card companies.
  • No official notification was sent to the affected customers, and no warning has been posted on the BevMo website.

BevMo is a California-based alcoholic beverage retailer that offers an e-commerce platform which allows people to buy goods online and have them delivered at their doorstep. According to an Associated Press report, BevMo has notified the California attorney general’s office that someone has stolen the credit card and other information of about 15000 customers who placed orders online.

The company has not issued an official warning or statement on the matter, so the people who had their credentials stolen have not been notified yet. One possible causation for this could be that the investigation of the data leak is still ongoing, and the other would be to avoid the negative publicity that could affect sales during the holiday period. According to what was made known, the customer data that leaked include their full names, credit or debit card numbers, expiration dates, CVV2 codes (the three-digit security code), billing addresses, shipping addresses, and phone numbers.

The stealing of the aforementioned data was achieved through the planting of a malware code on BevMo’s order checkout page, capturing whatever the customers inputted in the order form from August 2 to September 26. NCR Corporation which is the company that operates BevMo’s website has removed the malware and is currently collaborating with a 3rd party forensic investigation firm that specializes in online transactions security.

If you have bought something from BevMo between August and September this year, it is likely that your credit card information has already found its way to the wrong hands. Considering the type of data that was stolen, such credit cards should be immediately revoked. BevMo also suggests that you call a company official at (877) 565-6276, possibly to get more reliable information on the fate of your data. If you need to buy something from BevMo, but you are now afraid to do so online, BevMo operates more than 150 physical stores around the US so that you can do your shopping with the “traditional” safety.

Have you bought anything from BevMo online? Let us know of your experience in the comments below, and also visit our socials on Facebook and Twitter for a greater dose of daily tech news.