At least seven months, clover sites were leaking customer data3/3.568.png Figure 1 Source: Security Discovery Following further inspection of the data available and meeting with B. Diachenko Fowler figured Clover Sites did indeed address the previous incident report. This could just mean that a separate incident corresponds to the new discovery. He contacted Ministry Brands LLC the owner of Clover Sites in October and after the researcher couldn’t convince Clover Sites of what was going on. They quickly confirmed that the two databases had a problem, and finally secured them. This makes up for a total exposure period of at least seven months which increases the chances of falling to the level of certainty in the wrong hands. The researcher sent about 20 notifications to Clover Sites, and they disregarded all of them thinking they had already addressed the reported problem. But how was the reporter in a position to access the data and provide real details if the databases were secured? In this case, the irresponsibility of the IT team at Clover Sites really beggars belief. If you’re one of the thousands who exposed their credit card’s last four digits, you should be careful about potential phishing scammers who may try to get the missing digits from you. They have your email address IP name and real name, so that they can set up pretty credible scams.