For more information regarding our Notice of Security Incident, please call 1-844-963-2706
June 29, 2020
We recently became aware of a report that mentioned Minted as one of ten companies impacted by a potential cybersecurity incident. We promptly undertook an investigation, with the assistance of outside forensic experts. The investigation determined that, on May 6, 2020, unauthorized actors obtained information from the company’s user account database. Since determining this on May 15, we have continued to investigate expeditiously to assess what information was impacted and identify affected individuals.
We sent email notices to affected customers, which provided information about what happened, what personal information was involved, and what steps they can take in response, including promptly changing their password to their Minted account. On May 28, 2020, we also posted a notice on our website about the incident.
Our investigation into the incident is continuing. We are providing this updated notice to reflect some new information we have learned.
The information involved includes customers’ names and login credentials to their Minted accounts, consisting of their email address and password. The passwords were hashed and salted and not in plain text. Telephone number, billing address, shipping address(es), and, for fewer than one percent of affected customers, date of birth, also may have been impacted.
Although the passwords were hashed and salted, we believe that unauthorized actors may have later determined plain text passwords for some accounts. While customer accounts may contain the last four digits of payment or credit card numbers if saved to a customer profile, they do not contain full credit or payment card numbers. Minted does not store customers’ full payment or credit card information.
We previously requested that affected customers promptly change their passwords to their Minted accounts. In addition, we are effecting a password change for Minted account users who have not changed their passwords recently. When those customers next log into our site, they will be prompted to enter a new password.
Customers should choose a strong password that is not easy to guess and is not one that they use for any other online account. They should also change their passwords for any other online accounts for which they use the same email address and password combination used for their Minted account. If customers notice any suspicious activity in their Minted account, they should promptly contact the company.
As always, customers should be cautious of any unsolicited communications that ask for personal information and avoid clicking on links or downloading attachments from suspicious emails.
We are continuing to investigate diligently, with the ongoing assistance of outside experts. We promptly notified U.S. federal law enforcement authorities and are closely cooperating with their investigation. In addition, we are reviewing our security protocols and have taken steps to enhance security.
Minted has a team dedicated to responding to questions about the incident. Customers who have questions should please call one of our hotlines Monday through Friday from 8:00 a.m. to 8:00 p.m. US Central Time, excluding major US holidays.
US/CAN toll-free hotline: 1-844-963-2706
AU toll-free hotline: 1800 490 516
UK toll-free hotline: 0800 069 8210
UK toll hotline: +44 20 3936 1047