Batteries.com—Security Breach

My Take on Life reports a breach of batteries.com’s server that compromised names, addresses, and credit card data. A small number of fraud reports have already been made that may be a result of the breach.

From the FAQ on batteries.com site, where you can learn more about the incident:

  •   What happened?
    An individual or individuals illegally “hacked” into a Batteries.com server, resulting in the exposure of name, address, and credit card information belonging to customers which was collected through Batteries.com’s website.
  • When did this happen?
    We believe the hacker(s) illegally accessed Batteries.com’s server starting on February 25, 2009 and for a period of several weeks. The access diminished significantly on or around March 17, 2009 , when we took certain enhanced data protection measures, and by April 9, 2009 , the access was terminated.
  • When did Batteries.com learn of the incident?
    We first learned of the potential exposure to the server on March 13, 2009 , when a customer reported to the company potentially unauthorized activity regarding a credit card account.
  • Thanks to a reader who sent me the link to this.

    Update of June 2: A copy of Batteries.com’s notification letter (pdf) to the New Hampshire Attorney General’s Office is now available online. The letter indicates that 865 residents of New Hampshire were to be notified, but the total number of customers affected was not indicated.

    Update of July 16: A copy of their notification to the Maryland Attorney General’s Office indicates that 3,510 residents of Maryland were being notified.

    About the author: Dissent