Almeida Law Group is investigating a data breach at Chief River Nursery. The breach occurred on 02/12/2026 – 03/17/2026 and was discovered on 05/01/2026. If you were affected, contact Almeida Law Group.
About Chief River Nursery
Chief River Nursery, operated by Kochs Nursery Supply Inc. as a DBA, is a family-owned retail plant nursery based in Grafton, Wisconsin that specializes in bare root trees, shrubs, and seedlings. The company has been in business for nearly 40 years and sells to homeowners, landowners, wildlife enthusiasts, and forestry professionals across the US and Canada through its e-commerce website. Because the company accepts online payments, customers’ payment card data was at risk in this incident.
What Happened?
Chief River Nursery was listed in a Maine Attorney General data breach filing submitted on June 1, 2026. According to the filing and the consumer notice, CRN became aware of suspicious activity on its website on or around March 17, 2026. An investigation confirmed on May 1, 2026 that payment card data entered on the company’s checkout page may have been copied without authorization between February 12, 2026 and March 17, 2026. The compromised information includes names and payment card information. The incident was classified as an external system breach (hacking). Affected consumers were notified in writing on June 1, 2026. No identity theft protection services were offered.
The pattern of the incident — malicious code or activity capturing payment card data from a checkout page over a multi-week period — is consistent with a web skimming or Magecart-style attack. No threat actor has been publicly attributed, and no independent media or cybersecurity reporting about this specific breach has been identified beyond the Maine AG filing. The total number of persons affected nationally was not disclosed in the filing. No prior breaches within the past 12 months were reported, and no class action litigation related to this breach has been filed as of June 2, 2026.
Key Facts at a Glance
- Company or Organization: Chief River Nursery (Kochs Nursery Supply Inc.)
- Industry: Retail plant nursery / e-commerce
- Location: 976 Ulao Road, Grafton, Wisconsin 53024
- Incident type: External system breach (hacking); web skimming of checkout page
- Date of breach: February 12, 2026 – March 17, 2026
- Date breach discovered: May 1, 2026
- Date of consumer notification: June 1, 2026
- Identity theft protection offered: No
- Source: Maine Attorney General Filing; BBB Business Profile; Garden Savvy
What Should You Do?
If you received a notice from Chief River Nursery or made a purchase on its website between February and March 2026, you should act promptly to protect yourself. Although no identity theft protection services were offered, you can place a fraud alert or credit freeze with the three major credit bureaus — Equifax, Experian, and TransUnion — at no cost. Monitor your payment card statements closely and report any unauthorized charges directly to your card issuer using the number on the back of your card. You are entitled to one free credit report annually from each bureau through AnnualCreditReport.com. Review those reports for unfamiliar accounts or activity. If you believe your information has been misused, visit IdentityTheft.gov to report the incident and get a personalized recovery plan.
Your Legal Rights
If your personal information was involved in this breach, you may have legal rights depending on the facts of the incident and the law in your state. Almeida Law Group represents consumers in data breach and privacy litigation and can help you evaluate whether you may have a claim. Contact us at (708) 529-5418 or through our contact page for a free case evaluation.
