LaCie buyer data hacked between March 2013 & March 2014

RainfallWithin · April 18, 2014

Quotes from BBC News source: http://www.bbc.com/news/technology-27046971

French computer storage specialist LaCie has said credit card details and passwords of shoppers who used its site may have been stolen.

The hard-disk maker said the FBI had alerted it to "indications" of a hacker having used malware to copy details entered into its online store.

It added that the suspected breach was thought to have lasted from 27 March 2013 to 10 March this year.

LaCie was taken over by US tech company Seagate in 2012, but still sells goods using its name.

The attack, if confirmed, could be particularly damaging for LaCie as the brand has security products among its wares.

LaCie said it had disabled its online store while it shifted it to a secure payment specialist.

A statement on LaCie's website said that shoppers should check their bills for fraudulent charges and that they would need to change their logins when its store reopened.

"The information that may have been accessed by the unauthorised person may include customers' names, addresses, email addresses, and payment card numbers and card expiration dates," it said.

"Customers' LaCie website user names and passwords could also have been accessed, which is why we required a reset of all passwords."

The statement said that LaCie was alerted to the problem by the FBI on 19 March.

However, security blogger Brian Krebs had warned the company earlier that month that its site might have had credit card data stolen by a criminal gang exploiting vulnerabilities in Adobe's ColdFusion web application development software.

On 17 March Mr Krebs reported that LaCie had told him that its preliminary investigation had found no indication that customer data had been compromised.

But in a follow-up article, Mr Krebs said that LaCie had now acknowledged there were "indications" that someone had used malware that exploited the flaws in Adobe's code.

Personal Thoughts

I think this clearly shows all companies that data security is not something you think about once and then forget about. The fact LaCie are selling security software and that they dismissed a warning about a possible data breach suggests that they haven't felt it was a top priority.

I have bought LaCie external mechanical drives before and they have been very good. I bought them from Amazon many years ago, so I'm confident I'm not at all affected by this hacking, however I'm sure there are more companies out there that haven't yet realised that their data is being taken from them. As a result, I will be logging into my bank account a bit more frequently just to keep an eye on the sums leaving my account.