Year-long Data Breach on Online Filters Website: Who’s Affected?

Filters Fast online company faces year-long data breach

Did you make a purchase from the online filter company, Filters Fast?

Customers of the online filter company Filters Fast may have been affected in a year-long data breach impacting the company’s website and thousands of its customers.

In February 2020, Filters Fast was notified of a possible hacking incident on their website. On July 10, 2020, an unrelated update on the website removed the malicious code.

It wasn’t until July 20th this year that their investigation confirmed that hackers added malicious code to the Filters Fast website over a year ago on July 15, 2019.

This means that even after the company discovered that its website had been hacked, it has seemingly continued to allow its customers to shop on its compromised site for months before notifying over 26,000 affected consumers.

Information compromised in the breach includes:

  • Customer name
  • Shipping and billing address
  • Payment card information used to make a purchase on the company’s website

What Can I Do?

If you made a purchase on the online filters website, FiltersFast.com, you may have been affected by this data breach.

Your sensitive information may have been left vulnerable for over a year due to malicious code added onto the company’s website on July 15, 2019 by hackers.

Customers of Filters Fast may qualify to join this data breach class action lawsuit investigation.

Fill out the FREE form on this page to see if you qualify.

What is Filters Fast?

Filters Fast is a family-owned, North Carolina–based company selling a variety of home filtration devices online. Founded in 2004, the company calls itself the “top filtration provider online in the United States,” according to their website.

However, Filters Fast may have knowingly allowed millions of customers to shop on a website compromised in a data breach without warning them of the breach, placing their personal information in danger.

The Filters Fast Data Breach

Customers of the Filters Fast website may have been affected for nearly an entire year, during which the site was unknowingly compromised by malicious code introduced to the system in a data breach back in 2019.

According to the Notice of Breach written and signed by CEO and Founder Ray Scardingo, Filters Fast was notified in February 2020 of a possible hacking incident on their website. The company says that it immediately launched an investigation into the issue, which included hiring an outside expert forensics firm to analyze their systems and find any potential breach in security.

Approximately five months later, an unrelated update to their website removed malicious code that had been added.

Finally, on July 20, an investigation conducted by Filters Fast into the hacking incident found that hackers had breached their system a year prior, on July 15, 2019.

This means that for almost an entire year—short just a few days—the Filters Fast website was compromised, in turn exposing the personal information of thousands of customers.

This also means that from February through July, Filters Fast was aware of the data breach but did not inform its customers of the breach until mid-August.

During this five-month period, RapidSpike predicts that approximately 3.4 million customers shopped on the compromised Filters Fast website, with about half a million website visitors per month.

Between August 14th and 18th, Filters Fast sent out a notification letter to approximately 30,000 customers, most of whom are residents of California, informing them about the data breach and noting that it is unlikely to result in identity theft. However, the company is offering affected customers free identity theft protection services for twelve months, along with a $1,000,000 insurance reimbursement policy and fully managed ID theft recovery services.

Despite the company’s claims, customers have started to come forward in online reviews such as on Trustpilot, claiming that they have already begun noticing unauthorized credit card purchases, per RapidSpike.

According to a security researcher with RapidSpike, “Although these can be sophisticated attacks, the company did not act appropriately in minimizing data exposure. It is irresponsible for companies to knowingly allow their customers to shop on a website that is compromised.”

“We recommend companies put their website in maintenance mode as soon as they are aware of the compromise,” RapidSpike noted, though Filters Fast waited about five months after finding out about a possible breach and about one month after confirming and fixing the breach before notifying customers.

“Although it is important to take some time to ensure the information provided is accurate, this is not an appropriate timeframe for notification,” according to the RapidSpike researcher.

What Information Was Compromised in the Breach?

One of the top concerns of those affected in any data breach is whether their information, such as personally identifiable information (PII), was compromised, and if so, to what extent.

In the Filters Fast data breach, a few major pieces of customer information may have been affected.

This information includes:

  • Customer name
  • Shipping and billing address
  • Payment card information used to make a purchase on the company’s website

The Notice of Breach letter from Filters Fast states that “none of your other personal information was at risk of being impacted during this incident.”

Approximately 26,093 customers in California have been notified of this incident, along with 755 customers in North Dakota and 3,272 customers in Iowa. Altogether, at least 30,000 people have had their information compromised in this attack.

However, these numbers were gathered from emails sent by Filters Fast to the attorneys general of California, North Dakota, and Iowa respectively. Entities that experience a data breach affecting at least 500 residents of California or Iowa, or at least 250 residents of North Dakota, are required to notify the individuals affected as well as the state attorney general. So while at least 30,000 customers had their information compromised in the attack, there may be more who were affected in other states.

In each of the letters to the attorneys general of these states, Filters Fast states that “this letter is being provided as a courtesy as we do not believe notification to you is required by your state’s statute”—although such notification is definitely required in California, North Dakota, and Iowa.

How Have Customers Responded?

Customers have responded to the news about the data breach on Trustpilot and Twitter, expressing disappointment in the company’s response.

Some customers claim that their information has already been used to make unauthorized purchases, according to RapidSpike.

Join a Free Filters Fast Data Breach Class Action Lawsuit Investigation

If you made a purchase on Filters Fast, your personal information may have been compromised, placing you at risk.

You may be able to join this free Filters Fast data breach class action lawsuit investigation.

See if you qualify for this investigation by filling out the free form on this page.

Get Help – It’s Free

Free Filters Fast Data Breach Case Evaluation

Fill out the form below for a free case evaluation. If you qualify, a lawyer will contact you to discuss the details of your potential case at no charge to you.

  • The law firm responsible for the content of this page is: Mason Lietz & Klinger LLP

ATTORNEY ADVERTISING

The choice of a lawyer is an important decision and should not be based solely on advertisements.

Counsel responsible for this advertisement includes Gary Mason at:

Mason Lietz & Klinger LLP
