Confirming the data breach on its website, the firm – which specialises in providing external hard drives, RAID arrays, optical drives, Flash Drives, and computer monitors – said that the FBI had notified them of the intrusion on March 19, and revealed that hackers had used malware to access and exfilitrate transaction data from the LaCie website.
“On March 19, 2014, the FBI informed LaCie that it found indications that an unauthorised person used malware to gain access to information from customer transactions that were made through LaCie's website,” reads the company's statement.
“…As a precaution, we have temporarily disabled the e-commerce portion of the LaCie website while we transition to a provider that specialises in secure payment processing services. We will resume accepting online orders once we have completed the transition.
“Based on the investigation, we believe that transactions made between March 27, 2013 and March 10, 2014 were affected. The information that may have been accessed by the unauthorised person may include customers' names, addresses, email addresses, and payment card numbers and card expiration dates. Customers' LaCie website user names and passwords could also have been accessed, which is why we required a reset of all passwords.”
The firm began notifying customers on April 11 and is now working with a forensic team to work though details of the attack, as well as implement additional security measures. The news comes shortly after a Pew Research report revealed that one in five online US adults (18 percent) have had “important personal information stolen”, such as their Social Security number, credit card or bank account information. This finding represents a 63 percent rise from the same report carried out in July 2013.