Data Security Incident FAQ

ReFa USA greatly values the relationship we have with our customers and understands the importance of protecting personal information.  We wanted to provide background information regarding a recent data security incident that was confirmed on September 9, 2021 following an investigation.  

What happened?

ReFa USA recently discovered a data security incident on our e-commerce platform. We immediately launched a comprehensive investigation, moved the server offline, suspended credit card transactions, and engaged a third-party forensic specialist to determine the nature and scope of the incident. On September 9, 2021, the investigation concluded that the incident occurred between June 25, 2020 and June 15, 2021 and potentially impacted some transactions. While we have no evidence that any personal information was accessed, acquired, or misused, out of an abundance of caution, we provided individual notifications to potentially impacted parties outlining proactive steps to protect important personal information. 

What information was disclosed/impacted about me?

Information that may have been potentially exposed in the incident includes name, address, and credit card information, however, we have no evidence indicating any personal information was accessed, acquired, or misused. 

We have never stored full credit card information beyond the completion of the sales transaction. There was no other personal information involved in this incident. 

Is there an active cybersecurity threat? 

No. The incident was contained, and our networks are secure. We have implemented enhanced security protocols.  During the investigation, we suspended all sales activity on our platform to ensure the threat was contained.

Who are the attackers?

We have provided law enforcement with all the relevant information from our investigation. The forensic specialist was unable to provide any specific identifying details. 

What are you doing to keep this from happening again?

ReFa USA is committed to safeguarding its network against future threats and was very proactive in containing this event. Upon discovering this incident, we immediately launched an investigation with a third-party forensic expert, moved the affected server offline and suspended all credit card transactions. We also transitioned the sale of our products to an e-commerce and point of sale platform providing enhanced security and streamlined transactions for our customers. 

Additional questions?

For questions or for additional information, please contact