An undisclosed number of individuals are being notified that unauthorized access was gained to EyeBuyDirect's website and personal information – including payment card data – may have been compromised.
How many victims? Undisclosed.
What type of personal information? Names, mailing addresses, shipping addresses, phone numbers, email addresses, credit card numbers and CVV codes.
What happened? Unauthorized access was gained to EyeBuyDirect's website and the personal information may have been compromised.
What was the response? Upon discovery of the intrusion, actions were taken to disable the attackers' access. Additional security measures have been implemented in order to reduce the likelihood of similar incidents occurring in the future. All potentially affected individuals are being notified, and offered a free year of identity theft protection.
Details: Attackers using a Russian IP address gained unauthorized access to EyeBuyDirect's website sometime between Feb. 9 and May 30. EyeBuyDirect learned of the incident on June 16. Forensic investigators were retained to assess the incident, and the final report was returned to EyeBuyDirect on Sept. 22.
Source: doj.nh.gov, “Data Breach – EyeBuyDirect, Inc.,” Oct. 13, 2015.