Account details of up to 50,000 may have been compromised

Mar 30, 2015 15:28 GMT  ·  By

Hackers managed to gain unauthorized access to the online store of Nite Ize, a company that makes innovative products and monitors customer transactions, and may have also reached the customer database holding the details for online accounts.

The number of customers with an account for the online services of the retailer is about 50,000, and they are located both in the US and abroad.

Emails and phone numbers could also be exposed

By planting malicious code on the website, the intruders were able to spy on online transactions for a period of eight days, from March 3 until March 11, and to steal card numbers.

The amount of affected payment cards is 309, a “relatively small number,” the company said in an announcement disclosing the breach.

Nite Ize was informed of the cyber-attack by its web service provider on March 11, at a time when it was determined that only the card data was compromised.

Two days later, the company received an update on the breach and learned that the hackers may have also peeked inside the customer database, which includes information such as the log-in credentials, names, both physical and email addresses, and phone numbers.

Banks and credit card companies alerted about the leak

Immediately after finding out about the incident, Nite Ize initiated action to remove the malicious code and secure the website to prevent further unauthorized access to sensitive data.

Moreover, the company started to notify its customers to change their Nite Ize account password to remove any risk.

To further protect its customers, Nite Ize notified the individuals whose cards were compromised and informed the issuing banks and credit card companies so that any fraud attempt could be prevented at an early stage.

“At this time, we have no evidence that any data from our general customer database was actually viewed or stolen, but are notifying our customers, in an abundance of caution,” the company says in a FAQ page on its website.

Because contact details could have been exposed to cybercriminals, customers are advised to be vigilant about scam carried out via phone and email. The recommendation is to never disclose sensitive data, such as social security number, card data or personal info, via these communication channels.