bit-tech.net

LaCie customers hit by data breach

LaCie customers hit by data breach

Storage specialist LaCie has warned customers of a data breach which has resulted in ne'er-do-wells making off with usernames, passwords and credit card details.

Storage specialist LaCie has warned customers of a major data breach that may have compromised their personal data used for purchases between March 2013 and 2014.

The hole in the company's servers is not, it has been quick to reassure customers, indicative of the security of its storage products in general; no customer data stored on the company's cloud services or network-connected storage devices is thought to be involved in the breach. Rather, the attack targeted the company's ecommerce system, making off with transaction information for purchases made in the last year.

'On March 19, 2014, the FBI informed LaCie that it found indications that an unauthorised person used malware to gain access to information from customer transactions that were made through LaCie's website,' the company explained to customers in a statement made nearly a month after it was alerted to the breach. 'We believe that transactions made between March 27, 2013 and March 10, 2014 were affected. The information that may have been accessed by the unauthorised person may include customers' names, addresses, email addresses, and payment card numbers and card expiration dates. Customers' LaCie website user names and passwords could also have been accessed, which is why we required a reset of all passwords.'

LaCie has not confirmed how the data was stored; while credit card information should be encrypted, password are better stored as salted one-way hashes which become much harder for an attacker to crack. Either way, those with LaCie accounts are advised to change their passwords, both on the LaCie service itself and anywhere else where the same or similar password was used, and to keep a close eye on their credit card statements for unauthorised activity.

'As a precaution, we have temporarily disabled the ecommerce portion of the LaCie website while we transition to a provider that specialises in secure payment processing services,' the company added. 'We will resume accepting online orders once we have completed the transition.'

1 Comment

Discuss in the forums Reply
Corky42 16th April 2014, 11:44 Quote
So they had been breached for over a year and didn't even know
And even when told they had a breach, they decided to leave it another month before informing the people involved :(
If company's are expecting everything to be based in the cloud in the future they are really going to have to get their act together before i trust my data to them.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums