Squishable Inc. Breach - May 2022

Squishable Inc. is a toy production and technology company that creates stuffed animals for sale around the world. The company maintains more than 70 employees and works to help create plushies requested by its customers.

What Was the Breach?

• Address
• First and Last Name
• Credit Card Information
• Email Address

How Did the Breach Occur?

The Squishable breach occurred because an unapproved piece of code was added to the company website in an effort to see user data on the checkout page. The data gathered could be used to make fraudulent purchases by the third party that inserted the code on the site. This could be a serious issue for users that complete purchases on the website.

When Did This Breach Occur?

The Squishable Inc. breach occurred between May 26 and October 12, 2022. During this period, the harmful code was active on the company's website and actively sharing checkout information with at least one individual.

Who Does the Breach Impact?

This Squishable data breach impacts any customers that made a purchase on the company's website between May 26 and October 12, 2022. If you made your purchase during that time, your credit card information might have been gathered, and it could be sold off or misused to make purchases.

How Many Files Does the Breach Affect?

The Squishable data breach only impacts a small number of code files at the heart of the company's website. The individual wasn't collecting files but instead gathering checkout data from the form when it was submitted. The attack could have gathered data from thousands of customers and could create serious problems for anyone involved. If you believe your credit card data was compromised, you should freeze or cancel your card as soon as possible to prevent fraudulent activities.