BreachExchange mailing list archives

Lacie confesses to year-long data breach as hackers harvest customers' details


From: Richard Forno <rforno () infowarrior org>
Date: Wed, 16 Apr 2014 14:20:13 -0400

Lacie confesses to year-long data breach as hackers harvest customers' details
By Chris Merriman
Wed Apr 16 2014, 16:11     

http://www.theinquirer.net/inquirer/news/2340305/lacie-confesses-to-year-long-data-breach-as-hackers-harvest-customers-details
            

STORAGE MAKER Lacie has revealed a security breach affecting visitors to its website, who might have had their credit 
card details swiped.

A hacker repeatedly exploited a flaw in the Lacie website, using malware to gain access to customer details. The 
incident only came to light when the US Federal Bureau of Investigation (FBI) contacted Lacie on 19 March.

Anyone who made a credit card purchase on the Lacie website between 27 March 2013 and 10 March 2014 appears to have had 
their personal information compromised, including names, addresses, email accounts and payment card details.

Lacie has reset all passwords for the website, as these are likely to have been accessed too. The company is in the 
process of contacting affected customers by email.

In a statement, the company advised, "If you see a fraudulent charge on your card, please immediately contact the bank 
that issued your card. Major credit card companies typically guarantee cardholders will not be responsible for 
fraudulent charges. Please be on the lookout and review your account statements for any unauthorized activity."

The company, which was bought by Seagate last year, recently announced what it claims to be the world's fastest 
portable hard drive, aimed at the 4K video market. With a price of over £1,000, this level of spending potential might 
have been what attracted hackers to target Lacie specifically.

A "leading forensic investigation firm" is attempting to track down the culprit, while Lacie is working on better 
security measures. In the meantime, the shopping part of the website has been disabled. µ

---
Just because I'm near the punchbowl doesn't mean I'm also drinking from it.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/