Aeropost – Monday April 25th 2022, Over the weekend we received reports of fraudulent activity involving Aeropost customer credit cards. Although our systems keep all customer information encrypted and under a PCI certified zone, our security monitoring protocol identified unusual activity on a server used for file management.
The server we identified as being exposed to a potential breach accounted data for 6% of our customers.
We are committed to protecting every one of our customers personal data and are therefore taking the precautionary measures below to eliminate any additional risk to our customers.
1. We disabled the breached server and the data transmission services that included it.
2. We deleted all login credentials in our systems (passwords) and payment information.
3. We opened collaborative channels with banking and governmental entities in order to identify the attackers and protect our customers from fraudulent charges.
4. We contacted via email all customers who may have been affected and asked them to take additional steps to review their account statements and request replacement cards from their banks.
5. We created a specialized contact team to individually assist each affected customer. This team can be contacted via firstname.lastname@example.org.
While we are working directly with issuing banks to reduce the administrative costs associated with card replacement, banks require each cardholder to contact them directly.
In the same way, we understand that our customers have concerns related to fraudulent charges. Card issuers are familiar with cases like these and have pre-established protocols in place to eliminate such charges and protect the cardholder.
We have made available a Frequently Asked Questions page where we have addressed the main concerns related to this incident including if a customer was affected or not, the process of recovering your passwords and payment processing through PayPal.
We reiterate our commitment to continually ensuring each of our customers’ data is protected.