Malware has been removed following the incident

Apr 3, 2015 12:10 GMT  ·  By

Hackers installing malware on the web server hosting the website of Law Enforcement Targets (LET) managed to exfiltrate sensitive financial information belonging to customers.

Since LET is a designer and provider of targets and gear for gun practice, its clients are far from being the average Joe. They consist of government agencies and law enforcement organizations, as well as shooting range gun clubs and shooting enthusiasts.

No SSNs or driver's license data stolen

It is uncertain when the compromise was detected, but the company announced that the breach spanned between March 3 and March 10, 2015.

As soon as the incident became known, LET took action to remove the malware from the affected system and searched for other pieces of malicious code that may have been lurking. The operation was carried out with the assistance of a third party that provided experts in data security to help with mitigating the risks.

The company does not reveal how the hackers gained access to the sensitive data, but it says that the leaked information likely included customer names, email addresses, credit card numbers, phone numbers, and physical addresses.

It appears that the affected database did not contain social security numbers or driver’s license details; on the same note, no evidence was found that credentials for the LET accounts fell in the hands of the attacker(s).

Customers advised to check account statements

The gun target manufacturer already started to notify the individuals impacted by the incident. In a letter to them, Division Manager David O’Meara provides recommendations on how to protect against fraud risks.

People should check their financial accounts for any suspicious activity on a regular basis and inform the bank if irregularities are recorded.

O’Meara also advises placing a fraud alert on the credit report, which is free the first time and covers a period of 90 days. If fraudulent activity is identified, creditors receive an alert in order to stop the approval of loans without more extensive verification of the applicant.