We were recently informed of a design flaw in our third-party ecommerce fulfillment system, cleverbridge, that could have potentially allowed customers to accidentally disclose their purchasing information (i.e., last 4 digits of credit card used, credit card expiration date, business contact information, product purchased and taxpayer ID, if provided) by sharing a private URL.
In response and out of an abundance of caution, we’ve worked with cleverbridge to implement additional controls to the ecommerce system to further reduce the risk of a customer accidentally sharing this information.
We would like to thank Lucas Lavarello of Kulkan Security and cleverbridge for their quick actions and collaboration.