Hard drive maker LaCie suffered a major breach that put sensitive customer information at risk for nearly a year.
The French hard drive and peripheral storage maker is not sure what information was compromised, but it may include customer names, email addresses, credit card numbers, and card expiration dates.
LaCie, which is set to merge with American hard drive maker Seagate, said it was notified of the breach by the FBI on March 19, 2014.
LaCie said the breach was the result of a malware intrusion that allowed hackers to obtain information from the company’s online storefront between March 27, 2013 and March 10, 2014.
LaCie has disabled its e-commerce site as a precaution and will reboot the online storefront after moving to a secure payment processing service.
As a precaution, LaCie is also resetting every user’s password. The company isn’t sure if the attackers were able to get their hands on user names and passwords, but a mandatory password reset is standard operating procedure with major security breaches.
The company did not mention how the intrusion happened. However, a March 17 report from independent security reporter Brian Krebs said the LaCie hack relied on a vulnerability in Adobe’s ColdFusion software. ColdFusion is Adobe’s software suite for building Web applications.
Krebs said the digital storefront had “been compromised by a group of hackers that broke into dozens of online stores using security vulnerabilities in Adobe’s ColdFusion software.”
Adobe suffered an attack last fall that left both customer information and source code for numerous Adobe products vulnerable, including Adobe Acrobat, ColdFusion, and ColdFusion Builder. In that case, although the original estimated number of accounts affected hovered under three million, the count was later updated to 38 million. Adobe has since patched the ColdFusion holes.