Minted recently became aware of a report that mentioned Minted as one of ten companies impacted by a potential cybersecurity incident. Minted promptly undertook an investigation, with the assistance of outside forensic experts. The investigation determined that, on May 6, 2020, unauthorized actors obtained information from the company’s user account database. Since determining this on May 15, the company worked expeditiously to assess what information was impacted and identify affected customers.
The information involved includes customers’ names and login credentials to their Minted accounts, consisting of their email address and password. The passwords were hashed and salted and not in plain text. Telephone number, billing address, shipping address(es), and, for fewer than one percent of affected customers, date of birth, also may have been impacted. The incident did not involve payment or credit card information.
Minted also promptly notified U.S. federal law enforcement authorities and is closely cooperating with their investigation. The company is reviewing its security protocols and has taken steps to further enhance security.