May 292009
 

My Take on Life reports a breach of batteries.com’s server that compromised names, addresses, and credit card data. A small number of fraud reports have already been made that may be a result of the breach.

From the FAQ on batteries.com site, where you can learn more about the incident:

  •   What happened?
    An individual or individuals illegally “hacked” into a Batteries.com server, resulting in the exposure of name, address, and credit card information belonging to customers which was collected through Batteries.com’s website.
  • When did this happen?
    We believe the hacker(s) illegally accessed Batteries.com’s server starting on February 25, 2009 and for a period of several weeks. The access diminished significantly on or around March 17, 2009 , when we took certain enhanced data protection measures, and by April 9, 2009 , the access was terminated.
  • When did Batteries.com learn of the incident?
    We first learned of the potential exposure to the server on March 13, 2009 , when a customer reported to the company potentially unauthorized activity regarding a credit card account.
  • Thanks to a reader who sent me the link to this.

    Update of June 2: A copy of Batteries.com’s notification letter (pdf) to the New Hampshire Attorney General’s Office is now available online. The letter indicates that 865 residents of New Hampshire were to be notified, but the total number of customers affected was not indicated.

    Update of July 16: A copy of their notification to the Maryland Attorney General’s Office indicates that 3,510 residents of Maryland were being notified.

      One Response to “Batteries.com—Security Breach”

    1. The handling has been terrible. They notified customers 2 months after knowing. In the mail it says nothing of statusing your credit card as lost stolen thought credit card numers are what were stolen.

      Wanting to know the credit card involved I called the number on the letter. A mesage provides another number that sends you to experian who has no info. There is no way to get thorugh to a person at the number provided.

      So you lookup their website to get a customer service number. I asked them to tell me which credit card I used – they said it would take 3 days to get that info for me. I told them that perhaps we should hire the hackers. They seem to have better access to the data than the employees.

      It’s been 4 days and I’m still waiting. Of course the company has gone for the day. I guess I’ll wait for the weekend to find out which credit card of mine is at risk or just cancel them all.

      why would I ever use this company again?

    Sorry, the comment form is closed at this time.