SelectBlinds Data Breach Impacts 206,238 Customers

Description of the data breach

On September 28, 2024, SelectBlinds, a leading online retailer specializing in custom-made window coverings, discovered a significant data breach. The breach occurred on January 7, 2024, when an unauthorized third party embedded malware on the company’s website. This malware enabled the attacker to scrape sensitive customer data entered on the checkout page.

The breach affected a total of 206,238 individuals across the United States. The compromised information included highly sensitive personal and financial data, such as:

• Names
• Email addresses
• Shipping and billing addresses
• Phone numbers
• Payment card information (card number, expiration date, and CVV)
• Usernames and passwords

The severity of the breach is notable, as the stolen data could potentially be used for identity theft, financial fraud, or unauthorized account access. The malware was active for an extended period before being detected, increasing the risk of exposure for affected individuals.

For residents in specific states, the number of impacted individuals is as follows:

• Texas: 8,632
• Maine: 1,185
• Massachusetts: 5,530
• South Carolina: 1,872

SelectBlinds disclosed the breach to several state attorney general offices, including California, Maine, Massachusetts, South Carolina, and Texas between October 31, 2024, and November 1, 2024. Consumers were notified via written mail and email starting on October 31, 2024.

SelectBlinds's response

Upon discovering the breach, SelectBlinds launched an immediate investigation with the assistance of external cybersecurity experts. The company identified and eradicated the malware by October 10, 2024, and implemented several measures to prevent future incidents. These measures include:

• Temporarily locking affected user accounts.
• Requiring users to reset their passwords upon their next login.
• Enhancing security controls and monitoring systems.
• Conducting a comprehensive review of their website and checkout process.

These actions aim to minimize the risk of further unauthorized access and ensure the safety of customer information moving forward.

Steps to take if you are affected by the data breach

If you believe you may have been affected by this data breach, it is crucial to take immediate steps to protect your personal and financial information. Here’s what you should do:

1. Reset your passwords: Change your SelectBlinds account password and any other accounts that use the same login credentials. Use strong, unique passwords for each account.
2. Monitor your financial accounts: Regularly review your bank and credit card statements for unauthorized transactions. Report any suspicious activity to your financial institution immediately.
3. Enable fraud alerts: Contact the three major credit bureaus (Equifax, Experian, and TransUnion) to place a fraud alert on your credit file. This will notify creditors to take extra precautions before opening new accounts in your name.
4. Consider a credit freeze: A credit freeze prevents creditors from accessing your credit report without your consent, making it harder for fraudsters to open accounts in your name. You can request a freeze from Equifax, Experian, and TransUnion.
5. Obtain your free credit report: Visit Annual Credit Report or call 1-877-322-8228 to request a free copy of your credit report from each of the three major credit bureaus. Review the reports for any unauthorized activity.
6. Stay vigilant for phishing attempts: Be cautious of unsolicited emails or phone calls requesting personal information. Scammers may use the stolen data to impersonate SelectBlinds or other legitimate entities.
7. Contact SelectBlinds for assistance: If you have further questions or need additional information, you can reach SelectBlinds at 1-866-586-7032.

By taking these steps, you can reduce the risk of identity theft and financial fraud resulting from the breach.