Opening Ceremony Online, LLC.

Under Review: 
No Review
Date Breach Made Public: 
March 31, 2012
New York , NY
United States
New York US
Records Breached: 


Breach Total Number: 
California Attorney General
Year of Breach: 
Type of organization: 
Type of breach: 

Opening Ceremony discovered that an inadvertent breach of security resulted in the exposure of customer names, addresses, credit card numbers, credit card expiration dates, and credit card security codes.  The breach was discovered sometime in March and first occurred on or around February 16, 2012.

UPDATE (5/11/2012): The breach lasted between February 16 and March 21 of 2012. Malware was discovered on the website on March 21.  Affected customers were mailed notification letters on May 4.  Either the credit card information was stored in an unencrypted format on the site in violation of Payment Card Industry Data Security Standard (PCI-DSS) practices, or a hacker was able to place something on the site to get credit card information after it was transmitted. It is more likely that Open Ceremony, an online clothing retailer, was not in compliance with PCI.