French hardware company LaCie, which advertises its products as secure data storage, is the latest hacker-breached company — and this one’s a doozie.

The hard drive maker this week confessed to a year-long credit card breach at its online store. LaCie, owned by Seagate, said in an advisory that an unauthorized party may have gained access to customers’ credit card numbers and expiration dates as well as names, emails, and addresses for all transactions between March 27, 2013, and March 10, 2014.


The company says it didn’t realize its data was compromised until the FBI came knocking on March 19. The bureau realized that someone used malware to swipe data from LaCie’s site. In response, LaCie hired “a leading forensic investigation firm” to look into the matter and temporarily disabled its online store, the company said. It started notifying customers on April 11.

It’s unclear how much customer data the hacker (or hacker group) accessed. But we do know how the nefarious party breached LaCie’s defenses: a vulnerability in Adobe’s ColdFusion software.

ColdFusion flaws have enabled several high-profile attacks, including breaches at credit card processor SecurePay, Smuckers, and research firm LexisNexis.

If you see a fraudulent charge on your credit or debit card, said LaCie, you should immediately contact the financial institution that issued your card.

If that describes your situation, you’re not alone: Nearly one in five U.S. adults say their important personal info has been stolen online.

Editor’s Note: An earlier version of this article stated that someone used ColdFusion vulnerabilities to swipe source code from Adobe itself. While Adobe has admitted that someone illegally accessed source code for ColdFusion and other Adobe products in late 2013, it’s unclear if the person(s) used ColdFusion vulnerabilities to breach Adobe and if any code was taken. Thanks to Brad Wood for pointing this out.
