Do you do indoor gardening at the office?

If so, odds are that you own AeroGrow equipment. If that's the case, some of your personal information, including the credit or debit card number you paid for the goods with, may have been compromised.

The company recently notified its customers that they discovered malware lurking on their payment processing page.

For reasons that aren't yet clear, the company did not detect the malicious code for some four months. They estimate that the malware was active between October 29, 2018 and March 4, 2019.

Aerogrow has notified the FBI and enlisted the aid of a third party to assist with the forensic investigation, which is ongoing.  At present, the company is unable to determine how many of its customer records were compromised.

Among impacted customers, the following information was taken

  • Credit or Debit card number
  • Expiration date
  • Security Code
  • Any personal data the customer may have used to verify processing of the payment in question

Grey Gibbs, the AeroGrow Senior VP of Finance and Accounting issued a formal apology in the aftermath of the incident, saying, "I want to sincerely apologize for this incident and I regret any inconvenience it may have caused you.  I want to assure you that we take this criminal act very seriously and have addressed it thoroughly."

The company's response has been generally good, and they've offered a year of free credit monitoring to all impacted customers. However, that's small consolation to those who now have to deal with the prospect that their identities may have been stolen and may face fraudulent charges on their credit cards in the weeks and months ahead.

Our perspective

If you're an AeroGrow customer, to be safe, report your payment card as compromised and take whatever other steps you deem necessary to protect your identity.


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, and nonprofit companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your meeting.

Meanwhile, check out this report

Executive Report: 10 Hidden IT Risks That Might Threaten Your Business