NOTICE: If you are a customer of iCanvas, placed an order between May 10 and May 28, 2020, and have received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777.
On May 28, 2020, online art retailer iCanvas discovered that unauthorized script had been placed on the checkout page of their website. The unauthorized script was designed to capture sensitive information submitted by customers through the website’s credit card payment function as they hit the “place your order” button.
The unauthorized script is believed to have been placed on the iCanvas website on or about May 10, 2020. It is unknown how many customers were affected by the security incident.
Information compromised by the data scraping includes:
iCanvas claims to have taken technical precautions to prevent this type of incident from occurring again. The company has notified affected individuals and is offering online credit monitoring service for one year. They are also encouraging customers to review accounts regularly for incidents of financial fraud and identity theft.
Headquartered in Morton Grove, Illinois, iCanvas is an online marketplace offering arts, crafts, and paintings with annual revenues exceeding $15 million. Founded in 1999, iCanvas operates under parent company Kroto, Inc. and maintains a large social media following, including more than 150,000 Facebook followers.
If you are a customer of iCanvas, placed an order between May 10 and May 28, 2020, and have received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible legal options.