BreachExchange mailing list archives
Lacie confesses to year-long data breach as hackers harvest customers' details
From: Richard Forno <rforno () infowarrior org>
Date: Wed, 16 Apr 2014 14:20:13 -0400
Lacie confesses to year-long data breach as hackers harvest customers' details By Chris Merriman Wed Apr 16 2014, 16:11 http://www.theinquirer.net/inquirer/news/2340305/lacie-confesses-to-year-long-data-breach-as-hackers-harvest-customers-details STORAGE MAKER Lacie has revealed a security breach affecting visitors to its website, who might have had their credit card details swiped. A hacker repeatedly exploited a flaw in the Lacie website, using malware to gain access to customer details. The incident only came to light when the US Federal Bureau of Investigation (FBI) contacted Lacie on 19 March. Anyone who made a credit card purchase on the Lacie website between 27 March 2013 and 10 March 2014 appears to have had their personal information compromised, including names, addresses, email accounts and payment card details. Lacie has reset all passwords for the website, as these are likely to have been accessed too. The company is in the process of contacting affected customers by email. In a statement, the company advised, "If you see a fraudulent charge on your card, please immediately contact the bank that issued your card. Major credit card companies typically guarantee cardholders will not be responsible for fraudulent charges. Please be on the lookout and review your account statements for any unauthorized activity." The company, which was bought by Seagate last year, recently announced what it claims to be the world's fastest portable hard drive, aimed at the 4K video market. With a price of over £1,000, this level of spending potential might have been what attracted hackers to target Lacie specifically. A "leading forensic investigation firm" is attempting to track down the cuprit, while Lacie is working on better security measures. In the meantime, the shopping part of the website has been disabled. µ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Lacie confesses to year-long data breach as hackers harvest customers' details Richard Forno (Apr 17)