LaCie, a secure technology producer, confirmed that an unauthorized party used malware to access its online payment system for almost a year and could have stolen customers’ personal and card information.

Customer names, addresses, emails, and payment card numbers and expiration dates could have been compromised, according to a release, and all transactions made between March 27, 2013 and March 10, 2014 were affected.

The Federal Bureau of Investigation (FBI) notified the retailer of the security risk in mid-March, and the company began notifying customers last week.

Online ordering has been preemptively disabled while more secure payment services are implemented. An investigation firm is also looking into the incident. LaCie required all customers to reset their passwords.