Easton-Bell Sports reports data breach at its online vendor

by Hayley Tsukayama, Washington Post

creditcard_databreach_ccYet another retailer has disclosed a data breach — this time affecting only online customers. Easton-Bell Sports, which owns several sports brands, said Tuesday that it was also the victim of a data intrusion that swept up the personal and financial information of an undisclosed number of customers.

In a statement posted on its Web site, the Southern California-based company, which owns the brands Easton, Bell, Riddell, Giro, Blackburn and Easton Cycling, said that hackers were able to attack vendor servers using malicious software.

The company said that the incident may have started Dec. 1 and affected customers who bought online goods between Dec. 1 and Dec. 31. The servers contained information such as names, addresses, telephone numbers, e-mail addresses, credit card numbers and the “three or four digit credit card security code.” Easton-Bell did not say how many customers were affected by the breach. The company is offering credit protection services to affected customers.

The intrusion is the third widely publicized data breach to have hit a retailer in December, following higher-profile attacks on Target and Neiman Marcus.

Investigations into those attacks are ongoing, but they are believed to have been carried out by hackers who infected the register payment systems in physical stores. The Easton-Bell attack is notable because it specifically affected online customers. The company did not link its data breach to Target’s or Neiman Marcus’s in the statement.

The cybersecurity firm IntelCrawler last week said six other unnamed retailers were hit by versions of the same malware that breached Target and Neiman Marcus systems. Easton-Bell was not one of the six retailers on that list, IntelCrawler President Dan Clements said.

Once Easton-Bell learned about the attack, the statement said, the affected servers were shut down and rebuilt to clear away traces of the bad software. A computer forensic specialist has been hired to investigate the breech.

“We regret any inconvenience this may have caused and assure our customers we are doing everything we can to protect them,” the firm said.

The company did not immediately respond to a request for comment. It is owned by the private equity firm Fenway Partners and produces sporting equipment such as bats, biking helmets and football helmets.