Seagate-owned LaCie fessed up on Tuesday to a major security breach that put sensitive customer information at risk for nearly a year. The hard drive and peripheral storage maker isn’t sure what information has been compromised; however, the company says the list may include customer names, email addresses, credit card numbers and card expiration dates.
In short, the bad guys may have nabbed everything a malicious attacker would need to post fraudulent charges to a LaCie customer’s credit card.
LaCie said the breach was the result of a malware intrusion that allowed hackers to obtain information from the company’s online storefront between 27 March 2013 and 10 March 2014.
LaCie has disabled its e-commerce site as a precaution and will reboot the online storefront after moving to a secure payment processing service.
As a precaution, LaCie is also resetting every user’s password. The company isn’t sure if user names and passwords were compromised, but a mandatory password reset is standard operating procedure with major security breaches these days.
The company did not mention how the intrusion happened. But a 17 March report from independent security reporter Brian Krebs said the LaCie hack relied on a vulnerability in Adobe’s ColdFusion software. ColdFusion is Adobe’s software suite for building web applications. Krebs first reported the LaCie breach one month ago.
If you’ve bought anything directly from LaCie between March 2013 and March 2014, you may want to double check your credit card statements for any fraudulent charges. LaCie is also advising its customers to keep an eye on their credit reports, which you can obtain for free every 12 months from Equifax, Experian and Transunion. You can find information about how to obtain your credit report on La Cie’s security notice, as well as the law enforcement offices you should contact in the case of identity theft.
by Ian Paul, Macworld