SCOTTS VALLEY, Calif. (BRAIN) — Easton-Bell Sports says its e-commerce vendor servers were affected by malware and that someone may have obtained personal data from customers who made purchases from the Easton-Bell Sports website in December.
The company said about 6,000 customers were affected.
"This may have included personal information, such as name, address, telephone number, email, and credit card number along with the three or four digit credit card security code on the card provided," the company said in a statement posted to its website Wednesday.
The company said it immediately shut down the affected servers and hired a computer forensic specialist to investigate and is working on additional measures to keep it from happening again.
"Although our investigation has not found that customer information has been misused, we treat this matter with the utmost seriousness. We regret any inconvenience this may have caused and assure our customers we are doing everything we can to protect them."
The company sent letters to consumers who made purchases from the site in December and said it would provide them with two years of free enrollment in AllClear ID, an identity protection service. Consumers with questions about the service can find information at enroll.allclearid.com.
"We are genuinely sorry that this incident occurred and apologize for any inconvenience this matter may cause you. I can assure you that we are doing everything we can to protect you – our customers – and ensure nothing like this happens again," read the letter, which is signed by Easton-Bell CEO Terry Lee. Besides the AllClear ID enrollment, the letter suggests that customers consider filing a fraud alert or security freeze with major credit report agencies.