Breach

Card data accessed in malware attack on Easton-Bell vendor servers

January 21, 2014

Malware discovered on vendor servers may have led to the compromise of personal information, including payment cards, for anyone who shopped on the Easton-Bell Sports website in December 2013.

How many victims? Undisclosed.  

What type of personal information? Names, addresses, telephone numbers, email addresses and payment card numbers, along with three or four digit card security codes.

What happened? Malware was introduced into vendor servers, which gave an unauthorized party access to the personal information.

What was the response? Upon discovery, the affected servers were shut down, the malware was removed and the servers were rebuilt. A forensic specialist conducted an investigation and the vendor is taking additional measures to ensure a similar incident does not occur. Impacted individuals are being notified and offered 12 to 24 months of free identity theft protection services.

Details: Easton-Bell learned on Jan. 9 that malware had been discovered on vendor servers. Customers that may have been impacted would have made online purchases between Dec. 1, 2013 and Dec. 31, 2013.

Quote: “Although our investigation has not found that your information has been misused, we treat this matter with the utmost seriousness,” Terry Lee, Easton-Bell Sports CEO, wrote in the notification letter.

Source: eastonbellsports.com, “Statement about Computer Intrusion,” Jan. 17, 2014.

UPDATE: Easton-Bell said that roughly 6,000 individuals were impacted in the breach, according to a Wall Street Journal blog.
prestitial ad