You are here

Performance on Nashbar Security Breach

Published July 17, 2009

CHAPEL HILL, NC (BRAIN)—If you’ve been to any bicycle forum lately you’ve probably read about some Bike Nashbar customers being exposed to credit card fraud.

The online retailer’s owner Performance Bicycle wants to set the record straight. According to Performance Bicycle chief executive officer Jim Thompson, Performance was alerted to a possible security breach back in February.

“We immediately got a third party involved,” Thompson said. That third party Thompson referred to specializes in “forensic activity” when it comes online breaches of security.

It was until May 18 that Performance received a report from that third party that a security breach had indeed occurred, possibly affecting 150,000 of its Nashbar customers.

Performance immediately began looking into the regulatory requirements by state and started crafting letters it would send to impacted customers. Performance also phoned these same individuals a week before the letters went out alerting them about their compromised information.

“We were frustrated that it does take that amount of time,” Thompson said.

But that still doesn’t explain why Performance waited so long to notify the public through a bike-specific media outlet such as Bicycle Retailer and Industry News. Thompson wants this to change heading into the future.

“We want to be more offensive than defensive [going forward],” Thompson said. “Being more proactive is a good constructive criticism.”

Thompson said that out of that 150,000 customers only somewhere “in the hundreds” reached out to the company, reporting fraudulent credit card activity after having purchased product from Nashbar.

In the meantime, Nashbar has moved its servers to a new third party. The move to a new server would have taken place regardless of the breach to boost server capacity, according to Thompson. Nashbar had never had any security breaches before this one.

“We are passionate about our guests,” Thompson said. “We apologize for this.”

Please call (800) 999-1224 if you feel like your credit card information has been compromised on Nashbar.

—Jason Norman

Topics associated with this article: Web/Internet

Join the Conversation