Sports Equipment Retailer Hit By BreachMalware Attack Affects Online Customers' Information
See Also: The Global State of Online Digital Trust
Compromised information may include credit card numbers along with the security codes, plus customers' names, addresses, telephone numbers, and e-mail addresses, the company says.
Those affected by the breach are Easton-Bell customers who made online purchases Dec. 1 through 31, 2013, the company reports.
Easton-Bell Sports markets equipment under the brands Easton, Bell, Riddell, Giro, Blackburn and Easton Cycling.
During an internal investigation of another issue on Dec. 31, Easton-Bell Sports discovered odd coding being injected into their servers, according to a statement provided to Information Security Media Group. The company says it can't confirm whether an unauthorized third party actually received the personal information on customers that was exposed in the intrusion; the investigation is ongoing.
"Upon discovery of this intrusion, we immediately shut down the affected servers and hired outside consultants to conduct an exhaustive investigation of this matter," the company says.
Affected customers are being offered free identity theft protection services for one year, according to a breach notification letter.
Andrew Komarov, CEO of the cybercrime intelligence firm IntelCrawler, told BankInfoSecurity on Jan. 20 that the malware strain known as BlackPOS, or a variant of it, has been linked to at least six other retailers, beyond Target and Neiman Marcus.
That strain has not been linked to any online compromises, such as the one suffered by Easton-Bell, IntelCrawler says.