Sports Equipment Retailer Hit By Breach

Malware Attack Affects Online Customers' Information
Sports Equipment Retailer Hit By Breach

Sports equipment company Easton-Bell Sports reports that malware compromised its vendor servers, exposing personal information and credit card data for about 6,000 of its online customers.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

Compromised information may include credit card numbers along with the security codes, plus customers' names, addresses, telephone numbers, and e-mail addresses, the company says.

Those affected by the breach are Easton-Bell customers who made online purchases Dec. 1 through 31, 2013, the company reports.

Easton-Bell Sports markets equipment under the brands Easton, Bell, Riddell, Giro, Blackburn and Easton Cycling.

During an internal investigation of another issue on Dec. 31, Easton-Bell Sports discovered odd coding being injected into their servers, according to a statement provided to Information Security Media Group. The company says it can't confirm whether an unauthorized third party actually received the personal information on customers that was exposed in the intrusion; the investigation is ongoing.

"Upon discovery of this intrusion, we immediately shut down the affected servers and hired outside consultants to conduct an exhaustive investigation of this matter," the company says.

Affected customers are being offered free identity theft protection services for one year, according to a breach notification letter.

The breach at Easton-Bell is not believed to be linked to the recent wave of point-of-sale malware attacks that compromised Target Corp. and Neiman Marcus, and others that have yet to be named.

Andrew Komarov, CEO of the cybercrime intelligence firm IntelCrawler, told BankInfoSecurity on Jan. 20 that the malware strain known as BlackPOS, or a variant of it, has been linked to at least six other retailers, beyond Target and Neiman Marcus.

That strain has not been linked to any online compromises, such as the one suffered by Easton-Bell, IntelCrawler says.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.