2020-09-25 cbdMD, Inc. Cybersecurity Incident

Page last updated on April 11, 2024

cbdMD, Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2020-09-25 17:09:57 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date:
Disclosure Date: 2020-09-25
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)


8-K filed on 2020-09-25

cbdMD, Inc. filed an 8-K at 2020-09-25 17:09:57 EDT
Accession Number: 0001654954-20-010485

Item 8.01 Other Events.

cbdMD, Inc. (the “Company”) recently determined the eCommerce platform underlying its online retail sales webpage, cbdmd.com, was modified by an unauthorized third-party to include malicious code. The malicious code created a risk that customer-input elements on the webpage may have been skimmed by an unauthorized third-party. The Company notified federal law enforcement and has been cooperating with their investigation. Although the Company cannot confirm that customer information was acquired, on or about September 28, 2020 the Company will begin providing notice of the incident to the customers who may be at risk and is offering to provide one year of identity monitoring without cost to them. The Company has implemented additional technical security measures designed to prevent similar incidents from occurring in the future.

Company Information

NamecbdMD, Inc.
SIC DescriptionPerfumes, Cosmetics & Other Toilet Preparations
CategoryNon-accelerated filer
Smaller reporting company
Fiscal Year EndSeptember 29