Outdoor equipment retailer Bailey’s Inc. notified its customers that an attacker may have stolen payment card information from the company website and that the length of the breach was longer than once thought.
How many victims? 250,000
What type of information? Credit card numbers, cardholder names, CCV numbers, credit card expiration dates, addresses and phone numbers, email addresses, log in credentials to BaileysOnline.com, and other information typed into the website related to customer orders.
What happened? Between Dec. 1, 2011 and Jan. 26, 2016 an attacker gained unauthorized access to customer information on BaileysOnline.com.
What was the response? Bailey’s informed its customers that their payment card and personal information may have been stolen due to a cyber attack on the company website. The company also informed various law enforcement agencies as well as Wells Fargo Bank, MasterCard, Visa, American Express and Discover.
Initially officials thought the compromise began on Sept. 25, 2015, but later found that the cyber attacks began in December 2011.
The company has engaged a security consultant and has implemented the consultant’s recommendations to strengthen their security protections.
Customers are strongly encouraged monitor to their accounts for suspicious activity and to take preventative measures including changing their login passwords for BaileysOnline.com.
The company said it has replaced its servers, enhanced its firewalls, integrated mandatory changes with respect to passwords, and integrated new software into the website.
Details: Of these exposed cards, nearly 25 percent were MasterCard cards, 64 percent were Visa cards, and fewer than six percent were Discover cards, and fewer than five percent were American Express.
Quote: “We apologize for the inconvenience resulting from the theft by unknown people of your information described above,” the Bailey’s Team said in the breach notice. “Please note that we have taken immediate steps to prevent a [recurrence].”
Source: Bailey’s Notice of Data Breach, Bailey’s spokesperson