Saltwater aquarium supplies seller Bulk Reef Supply announced that its website was compromised for about six months, and the company is notifying an undisclosed number of customers that their personal data – including credit card information – could be at risk.

How many victims? Undisclosed.

What type of personal information? Names, addresses, phone numbers, email addresses, usernames, passwords, and credit card information.

What happened? The Bulk Reef Supply website was compromised for about six months, and the personal information could be at risk.

What was the response? The attack was stopped, the problem was corrected, and the website has been secured. Bulk Reef Supply set up additional website monitoring, engaged a cyber security firm to perform regular ongoing security testing, and is performing a comprehensive review of all security processes. All users are being asked to change their passwords. All impacted customers are being notified, and offered a free year of credit monitoring and identity theft monitoring services.

Details: The attack occurred on July 30, 2014, and Bulk Reef Supply discovered it on Jan. 21. The data compromise was contained on Jan. 22, and further corrective action was taken on Jan. 30.

Quote: “We want to express our sincere regret to the customers of Bulk Reef Supply whose personal information was stolen from our website server,” according to a notification posted to the Bulk Reef Supply website.

Source:, “Security Update,” Feb. 18, 2015;, “Data Breach FAQ.”