Security Alert: Penny Forward Attacked On July First and July Eighth

Hello Penny Forward members and supporters.

I want to let you know that our web site was attacked on July 1st and again on July 8th. The attackers were creating hundreds of false members, apparently to test stolen credit card numbers. They did not steel credit card numbers from Penny Forward or its members.

In response to this, we’ve added Google Recaptcha to our donate and signup forms. This should normally not present any accessibility challenges to anyone, but if you run into any trouble please email us or call 1 (888) 332-5558 and let us know about the problem.

We’re also working with a third party to audit our site to make sure that there aren’t any other security holes that attackers can take advantage of.

Again, this attack was not aimed at steeling your data, but at trying to validate credit card numbers they stole from somewhere else. If, at any time, we become aware of a security breach that impacts your data, know that we’ll alert you immediately so you can respond to any threats. Please also know that we intentionally minimize the data we store about you to reduce the impacts of potential attacks. Specifically, we do not retain your credit card information at all, so it’s not possible for attackers to steel that from us.

Thank you for your patience as we work through this  and please reach out to us if you have any questions or concerns.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.