Revival Animal Health Network Announces Third-Party Data Breach
Table of Contents
- By Steven
- Published: Oct 26, 2023
- Last Updated: Nov 23, 2023
Headquartered in Orange City, Iowa, Revival Animal Health delivers business solutions for pet-oriented care and service providers; they offer pet healthcare products and animal supplies to pet professionals and individual pet owners. One way they provide services is via the e-commerce host CommerceV3. Revival Animal Health recently announced that CommerceV3 suffered a vulnerability, exposing 66,574 customer records.
How Did the Attack Occur?
According to the notice filed to the Iowa State Attorney General, the attack happened after an unauthorized actor gained access. The attackers did not breach Revival’s internal systems. They accessed the customer’s information that used the website within a specific period. How CommerceV3’s systems made the attack possible is unknown. It could have been a successful phishing attack or a vulnerable backend—there’s no way to know.
What Information Was Viewed or Stolen?
Those who ordered from Revival’s website between November 24th, 2021, and December 14th, 2022, may have information in danger. Revival will send a notice explaining the breach and your options if you entered an order within this time frame. CommerceV3 has stated the impacted information varies between people; it may include the customer’s name, address, payment card number, CVV code, and expiration date. That’s enough information to cause anyone to fall victim to financial crimes.
How Did Revival Animal Health Admit to the Breach?
The attack happened between November 2021 and December 2022, with investigations commencing between then and August 2023. Revival and CommerceV3 ran investigations into the scope of the attack, which Revival finished on or around August 23rd, 2023. Immediately following the results, Revival began moving to notify individuals. Following this, on October 19th, Revival appeared in five State Attorney General filings for Iowa, Vermont, Maine, Oregon, and Texas. Impacted parties should expect to see their physical breach notification in the coming days to weeks. Don’t wait for the confirmation to start taking preventative actions.
What Will Become of the Stolen Information?
Nothing is public about who committed the attack or their motives, yet the class of stolen credentials points to finance. Hackers who use the information individually could leverage it to commit financial fraud. Alternatively, they could profit by selling the details in bulk online to interested parties. They could even hold the information ransom and attempt to strong-arm CommerceV3 into payment. The future isn’t clear for the information; if it’s your data, guard your accounts before bad actors can do damage.
What Should Affected Parties Do in the Aftermath of the Breach?
Revival’s notices offer solutions for credit monitoring services, but these may not be enough to protect your accounts. Those who have had their financial details stolen must close and delete associated banking accounts and cards; these are standard procedures following any threat of fraud. Additionally, be cautious of text messages, emails, and letters from strangers; they could be phishing attempts to gather your new account credentials. Although Revival’s notices should arrive in the mail soon (if not already), don’t wait for them to start protecting yourself.
