14 DAY TRIAL // Batteries.com, a supplier of batteries and accessories for electronic consumer products, has announced a data breach incident after unknown individuals obtained unauthorized access to the server used to host its online store. Customer names, addresses and credit card details were stolen and some of the information has already been used for fraud.
In a security breach notification letter sent to the Office of New Hampshire Attorney General, the company notes that "The hacking commenced on February 25, 2009 and continued for a period of several weeks. Batteries.com became aware of the hacking in March 2009, after which it began investigating and put in place a series of measures to prevent further risk to customers."
On a FAQ Web page, which the company set up following this incident, it is noted that suspicions about a potential exposure started to appear after a customer informed the merchant of unauthorized activity on their credit card account. "As of April 25, 2009, a small number of Batteries.com customers had contacted the company to report potential unauthorized activity regarding their credit card accounts," the page also reveals.
The Indiana-based battery store did not specify how many of their customers were affected by this breach of security, but the aforementioned notification letter mentions 825 people in New Hampshire alone. By extrapolating from the number of people living in this state, under 0.5 percent of the total U.S. population, one could easily speculate that the data breach might be massive.
As required by the law, the company is providing two years of free credit monitoring services for its customers. In addition, computer forensic specialists have been contracted to assist with the investigation and the law enforcement agencies as well as the credit card companies have been alerted to the incident.
"Batteries.com sincerely regrets this incident and is committed to maintaining the confidentiality of its customers' personal information. The company has taken a number of steps to assure the security of data and minimize the likelihood of a similar incident occurring in the future, including limiting the amount of personal information stored, how such information is stored and the time such information is stored," the notification letter reads.