Computer hardware company LaCie is warning customers who have made transactions between March 27th, 2013 and March 10th, 2014 that their personal data may have been compromised. According to a statement released by the company, customer names, addresses, email addresses, payment card numbers, card expiration numbers and passwords could be at risk.
payment card numbers and expiration dates at risk
LaCie's disclosure of the year-long security breach came a month after Krebs on Security published evidence of the attack. Brian Krebs wrote extensively about "a botnet of hacked e-commerce sites" created using Adobe ColdFusion vulnerabilities. LaCie's electronic store front was reportedly ensnared in the network of malware-infected sites. At the time of report, Clive Over, the director of corporate communications for Seagate (LaCie's parent company), told Krebs on Security that the company had "conducted a preliminary investigation" and was "not aware that company or third party information was improperly accessed."
LaCie has since contracted a forensic investigation firm to assist in investigations and the implementation of additional security measures. The company is also looking into transitioning to more secure payment processing services.