Gyft Notifies Affected Users of Security Incident
February 05 2016 - 8:30PM
Business Wire
In an ongoing effort to protect the accounts and account
information of its users, Gyft is notifying users who may have been
affected by a security incident. Gyft is continuing to investigate
the incident and will take all appropriate steps to protect Gyft
users. This Media Notice is being issued to assist Gyft users and
to comply with required notice obligations.
Beginning on October 3 and continuing through December 18, 2015,
an unknown party accessed without authorization two cloud providers
used by Gyft. This party was able to view or download certain Gyft
user information stored with these cloud providers and made a file
containing some of that user information. As soon as Gyft learned
about the exposure, Gyft began investigating how this user
information was accessed and what risks this potentially posed to
Gyft customers. Fortunately, Gyft has not discovered evidence that
anyone used the information potentially compromised in this
incident to access Gyft accounts, make unauthorized purchases, or
otherwise use the information improperly.
The information potentially accessed from the cloud providers
included names, contact information, dates of birth, and gift card
numbers. Gift card numbers could have been used to make
unauthorized purchases. In addition, Gyft log-in credentials may
have been compromised. An unauthorized party who acquired
credentials could have accessed a Gyft account and used any gift
cards in the account with unused balances, reward points or a
Coinbase-enabled account to purchase additional gift cards.
Importantly, no credit cards stored in Gyft accounts were
compromised. Full credit card numbers are not visible in Gyft
accounts and all credit card purchases on Gyft require entering the
card’s security code, which was not part of the information that
may have been compromised.
Shortly after discovering this issue, Gyft acted to prevent
unauthorized access by requiring users whose passwords were
potentially compromised to reset their passwords, and logging out
other affected users. The affected users who have not already
changed passwords will be required to choose a new password the
next time they log in.
Gyft recommends that users change their passwords for any online
accounts where the same password was used for a Gyft account. In
addition, if a user has a Coinbase account linked to a Gyft
account, Gyft recommends that the user review any Coinbase
transactions beginning in October 2015, because a linked Coinbase
account could have been used to make purchases within a Gyft
account. Users should also monitor any gift cards that were in
their Gyft account before January 8, 2016.
The information potentially compromised in this incident does
not affect users’ credit, but any Gyft user can obtain additional
information about identity theft from the Federal Trade Commission
by contacting them at:
- www.consumer.ftc.gov
- 1-877-ID-THEFT (877-438-4338), or
- Identity Theft Clearinghouse600
Pennsylvania Ave., NWWashington, DC 20580.
In addition, consumers can contact the consumer reporting
agencies, for information about placing a fraud alert or security
freeze, at:
- Equifax: 1-800-525-6285;
www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
- Experian: 1-888-EXPERIAN (397-3742);
www.experian.com; P.O. Box 9554, Allen, TX 75013
- TransUnion: 1-800-680-7289;
www.transunion.com; Fraud Victim Assistance Division, P.O. Box
2000, Chester, PA 19022-2000
View source
version on businesswire.com: http://www.businesswire.com/news/home/20160205005917/en/
For GyftLisa MacKenzie,
503-705-3508Lisam@MacKenzie-marketing.com