Bulletproof Coffee, the company behind the trendy energy-boosting, butter-infused java, said it has suffered a data breach, compromising the personal and financial details of its customers. Bulletproof 360, creator of the beverage touted as the secret to weight loss and mental clarity, said it discovered "unauthorised computer code" added to the software that operates the checkout page on its website.
The company said it launched an investigation into the unknown code and examined its systems with the help of leading security firms. Based on its investigation, the company said the unauthorised code may have been capable of capturing sensitive information entered by customers during the checkout process between 20 May and 13 October as well as from 15 October through 19 October.
Data compromised in the breach include customers' names, physical and email addresses, payment card numbers, expiration dates and card security codes (CVV).
The data breach was discovered mid-October and was disclosed to California authorities on Monday, 27 November. The company did not disclose how many people were affected by the breach.
"We take the security of our customers' personal information very seriously, which is why we have been working with leading computer security firms and reporting to law enforcement," Bulletproof founder and CEO Dave Asprey said in a letter sent to affected customers. "We are working diligently to strengthen the security of our website in order to prevent this type of incident from happening again."
The company has advised customers to review their payment card statements for any suspicious, unauthorised activity or transactions. It has also offered to reimburse customers affected by fraudulent charges through their payment cards during the affected time period should their banks refuse to do so.
"We will reimburse you for any such reasonable, documented costs that your financial institution declined to pay," the firm said. "We regret that this incident occurred and apologise for any inconvenience."
IBTimes UK has reached out to Bulletproof for comment.