MILWAUKIE, ORE. — Bob’s Red Mill Natural Foods, Inc. on April 15 notified its online customers of a data breach. According to Bob’s Red Mill, the company was the victim of a “data scrape” attack between Feb. 23 and March 1. Data scraping is described as the process in which a computer program extracts data from output coming from another program.
As part of the breach, Bob’s Red Mill said an unauthorized party was able to obtain certain customers’ personal information, including credit card numbers. The company said the information typically goes directly (and via secure protocols) to its payment processor, but scraping software was used to interfere with the payment process. Bob’s Red Mill said it isolated and removed the malicious software and purchases on its website are again secure.
“Initially, we had no evidence that any of the information was acquired (e.g., downloaded or exfiltrated from the website),” the company noted in a letter to customers. “Nor did we have any indication that the information had been used in any way — such as to make fraudulent purchases. But we continued to look into the incident. On March 22, we received a call from a customer who indicated that they incurred a fraudulent charge. We received a number of similar reports this month.
“We do not know if these fraudulent charges are related to our website incident, but it now appears possible that payment card (and other) information may have been acquired. We are therefore providing you with this notice so you can take steps to protect yourself.”
Founded in 1978, Bob’s Red Mill makes more than 400 products, many of which are sold via its website. The company has more than 600 employees and generates nearly $240 million in annual revenue.