US data storage maker Seagate’s French subsidiary LaCie has admitted that the credit card credentials of consumers visiting its website may have been compromised in a year-long data breach.
In its breach advisory, the hard-disk manufacturer noted that it was alerted by the FBI on 19th March 2014 of an unauthorised individual using malware to breach its online store and access transactions between 27 March 2013 and 10 March 2014.
LaCie stated on its website that consumers have to check their bills for fake charges and that they would also have to change their logins when the store reopens.
"The information that may have been accessed by the unauthorised person may include customers’ names, addresses, email addresses, and payment card numbers and card expiration dates," the hard-drive maker noted.
"Customers’ LaCie website user names and passwords could also have been accessed, which is why we required a reset of all passwords."
In addition, the hardware maker was also alerted by security blogger Brian Krebs that its site may have been breached by exploiting flaws in Adobe’s ColdFusion web application development software.
Prior to LaCie, hackers exploited similar flaw and hacked the US credit card processor SecurePay and the jam-maker Smuckers.