PAX Labs, Inc.

"On July 15, 2016, we discovered that an unauthorized party had gained access to one of our cloud-based website servers and installed unauthorized software.  PAX removed this software on July 15, 2016. Subsequently, an unauthorized party added similar software on July 22, 2016, which PAX removed that same day.   Our investigation revealed that the unauthorized party accessed personal payment card information of approximately 6,000 customers who had made purchases from either www.JUULvapor.com or www.PAXvapor.com between June 25, 2016, and July 22, 2016."The information compromised included payment card data including names, shipping and billing addresses, credit/debit card numbers, expiration dates, and security codes. More Information: http://oag.ca.gov/ecrime/databreach/reports/sb24-63327