French hardware company LaCie, which advertises its products as secure data storage, is the latest hacker-breached company — and this one’s a doozie.

The hard drive maker this week confessed to a year-long credit card breach at its online store. LaCie, owned by Seagate, said in an advisory that an unauthorized party may have gained access to customers’ credit card numbers and expiration dates as well as names, emails, and addresses for all transactions between March 27, 2013, and March 10, 2014.

Ouch.


From VentureBeat
Get faster turnaround on creative, more testing, smarter improvements and better results. Learn how to apply agile marketing to your team at VB’s Agile Marketing Roadshow in SF.

The company says it didn’t realize its data was compromised until the FBI came knocking on March 19. The bureau realized that someone used malware to swipe data from LaCie’s site. In response, LaCie hired “a leading forensic investigation firm” to look into the matter and temporarily disabled its online store, the company said. It started notifying customers on April 11.

It’s unclear how much customer data the hacker (or hacker group) accessed. But we do know how the nefarious party breached LaCie’s defenses: a vulnerability in Adobe’s ColdFusion software.

ColdFusion flaws have enabled several high-profile attacks, including breaches at credit card processor SecurePay, Smuckers, and research firm LexisNexis.

If you see a fraudulent charge on your credit or debit card, said LaCie, you should immediately contact the financial institution that issued your card.

If that describes your situation, you’re not alone: Nearly one in five U.S. adults say their important personal info has been stolen online.

Editor’s Note: An earlier version of this article stated that someone used ColdFusion vulnerabilities to swipe source code from Adobe itself. While Adobe has admitted that someone illegally accessed source code for ColdFusion and other Adobe products in late 2013, it’s unclear if the person(s) used ColdFusion vulnerabilities to breach Adobe and if any code was taken. Thanks to Brad Wood for pointing this out.

Reblog this post [with Zemanta]
More information:

Seagate is the global leader in data storage solutions, developing amazing products that enable people and businesses around the world to create, share and preserve their most critical memories and business data. Over the years the amo... read more »

Whether it's a smartphone or tablet app, a game, a video, a digital magazine, a website, or an online experience, chances are that it was touched by Adobe technology. Our tools and services enable our customers to create groundbreaking... read more »

Powered by VBProfiles


VB’s research team is studying web-personalization... Chime in here, and we’ll share the results.