Recently, popular health-food company Bob’s Red Mill Natural Foods (“Bob’s Red Mill)” reported a data breach stemming from an attack known as a “data scrape.” As a result of the recent cyberattack, the company reports that an unauthorized party was able to obtain certain customers’ personal information, including their credit card numbers. On April 15, 2022, Bob’s Red Mill began sending out data breach notification letters to affected customers.

Multiple customers on Bob’s Red Mill have already reported that they have noticed fraudulent activity. If you received a data breach letter from Bob’s Red Mill, it means that your information was accessible to an unauthorized party. To learn more about how to protect yourself from identity theft or fraud and what your legal options are in the wake of the Bob’s Red Mill data breach, see our blog post here.

What Caused the Bob’s Red Mill Data Breach?

According to a letter sent to customers whose information was leaked in the recent cyberattack, Bob’s Red Mill recently learned that it was the victim of a data scrape attack between February 23 and March 1, 2022. Upon learning of the attack, the company removed the malware and engaged in a comprehensive review of all transactions that may have been affected.

Initially, Bob’s Red Mill had no indication that any online customers’ information was used for criminal purposes. However, on March 22, 2022, the company received a call from a customer who reported a fraudulent charge on their account. Since then, the company has received “a number of similar reports.” While Bob’s Red Mill has yet to confirm whether these fraudulent charges are related to the data scrape attack it experienced earlier this year, on April 15, 2022, the company issued data breach notifications to all customers whose information was impacted in the breach.

About Bob’s Red Mill

Bob’s Red Mill Natural Foods is an employee-owned company that produces natural, certified organic, and gluten-free milled grain products. The company was founded in 1978 in Milwaukie, Oregon, where the company maintains its current headquarters. Bob’s Red Mill produces over 400 products, most of which are ground in 12-year-old mills using quartz millstones. The company employs more than 600 people and generates approximately $239 million in annual revenue.

What Are Data Scraping Attacks?

The Bob’s Red Mill breach involved a type of cyberattack called a “data scrape attack.” Data scraping on its own is nothing new—or nefarious. The term refers to the process in which someone uses bots to extract information from a website. For example, search engines use data scraping when crawling a website to determine the site’s relevance to the searcher. However, hackers can use malicious software in conjunction with data scraping techniques to obtain credit card data and other personal information.

When hackers target a website in a data scraping attack, visitors to the site will not notice anything out of the ordinary. The website will look and function exactly as it normally would. However, when the visitor puts their credit card information into the site to complete a purchase, that information will automatically be ported over to a spreadsheet or some other database in the hacker’s possession. This allows hackers to obtain large amounts of financial data, which they can then use to conduct identity theft or simply use the payment information to make purchases.

While data scraping attacks are “invisible” to consumers, companies with robust data security measures in place should be able to prevent or detect these attacks.