NORTH BERGEN, New Jersey, Nov. 11, 2016 /PRNewswire/ — A & M (2015) LLC (“A&M”) today announced that a recent data security incident may have compromised the security of payment information of some customers who used debit or credit cards at Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations between November 24, 2015 and August 23, 2016. Customers who used their credit or debit card at the Annie Sez location in Danbury, Connecticut between October 15, 2015 to August 23, 2016 or Mandee location in Bergenfield, New Jersey between October 14, 2015 and August 23, 2016 may also be affected by this incident. Customers can now safely use their credit and debit cards at Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations. This incident did not affect any purchases made on www.mandee.com.

What Happened?  A&M began investigating unusual activity after receiving reports from its credit card processor. A&M immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems. On August 11, 2016, A&M discovered suspicious files on its computer systems that indicated a potential compromise of customers’ debit and credit card data for some debit and credit cards used at Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations. On August 23, 2016, A&M determined that the files were capable of collecting credit card information and immediately removed them. 

Since that time, A&M has been working with third-party forensic investigators to determine what happened and what information was affected.  The Company has confirmed that malware may have stolen data from some credit and debit cards used at U.S. Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations. The Company has removed the malware at issue to contain this incident and implemented additional procedures in an effort to prevent any further unauthorized access to customers’ debit or credit card information. This incident did not involve online debit or credit card transactions at any of these brands’ websites.

What Information Was Involved?  Through the ongoing third-party forensic investigations, A&M confirmed that malware may have stolen credit or debit card data from some credit and debit cards used at Annie Sez, Afaze, Mandee, Sirens and Urban Planet locations between November 24, 2015 and August 23, 2016.  The information at risk as a result of this event for credit or debit cards used at all impacted locations but the Danbury, Connecticut Annie Sez location and the Bergenfield, New Jersey Mandee location includes the card number, expiration date and CVV.  The information at risk as a result of this event for those who used their credit or debit card at the Annie Sez location in Danbury, Connecticut between October 15, 2016 to August 23, 2016 and Mandee location in Bergenfield, New Jersey between October 14, 2016 and August 23, 2016 includes name, card number, expiration date and CVV. This incident did not involve customers’ Social Security numbers as this information is never collected by A&M. This incident did not involve customers’ PIN numbers, either.

What We Are Doing.  “A&M takes the security of our customers’ information extremely seriously, and we apologize for the inconvenience this incident may have caused our customers,” Eric Grundy, CEO of A & M (2015) LLC, stated. Eric Grundy, expanded, “We continue to work with third-party forensic investigators and law enforcement officials to ensure the security of our systems on behalf of our customers and would like to take this opportunity to remind customers to remain vigilant against identity theft by reviewing their financial account statements regularly and monitoring their credit reports for suspicious activity.”

For More Information.  A&M has established a dedicated assistance line for individuals seeking additional information regarding this incident. Customers can call 1-844-512-9007, 9 a.m. to 9 p.m. EDT, Monday through Friday (excluding U.S. holidays). Customers can also find information on this incident and what they can do to better protect against fraud and identity theft at www.mandee.com and www.anniesez.com.

What You Can Do.  A&M encourages all customers to remain vigilant against identity theft by reviewing their financial account statements regularly and monitoring their credit reports for suspicious activity. Customers should immediately report any unauthorized charges to their card issuer. The phone number to call is usually on the back of the credit or debit card. Under U.S. law, individuals over the age of 18 are entitled to one free credit report annually from each of the three major credit bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Customers may also contact the three major credit bureaus directly to request a free copy of their credit report.

A&M encourages customers who believe they may be affected by this incident to take additional action to further protect against possible identity theft or other financial loss. At no charge, customers can have these credit bureaus place a “fraud alert” on their file, alerting creditors to take additional steps to verify their identity prior to granting credit in their name. Note, however, that because it tells creditors to follow certain procedures to protect the customer, a fraud alert may also delay customers’ ability to obtain credit while the agency verifies their identity. As soon as one credit bureau confirms a customer’s fraud alert, the others are notified to place fraud alerts on the customer’s file. Should customers wish to place a fraud alert or have any questions regarding their credit reports, they may contact any one of the agencies listed below. 

Customers may also place a security freeze on their credit reports. A security freeze prohibits a credit reporting agency from releasing any information from a customer’s credit report without the consumer’s written authorization. However, customers should be aware that placing a security freeze on their credit reports may delay, interfere with or prevent the timely approval of any requests they make for new loans, credit mortgages, employment, housing, or other services. If a customer has been a victim of identity theft and provides a credit reporting agency with a valid police report, the agency cannot charge the customer to place, lift or remove a security freeze. In all other cases, a credit reporting agency may charge a fee to place, temporarily lift or permanently remove a security freeze. Customers will need to place security freezes separately with each of the three major credit bureaus listed above if they wish to place a freeze on all of their credit files. To find out more about how to place a security freeze, customers can contact the credit reporting agencies using the information below:

Customers can further educate themselves regarding identity theft, fraud alerts and the steps they can take to protect themselves, by contacting the Federal Trade Commission or their state attorney general.  The Federal Trade Commission can be reached at 600 Pennsylvania Avenue NW, Washington, D.C. 20580, www.ftc.gov/idtheft/, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with the Commission.  Customers can obtain further information on how to file such a complaint by way of the contact information listed above.  Instances of known or suspected identity theft should also be reported to law enforcement.