Osprey Packs Acknowledges Security Breach
Customers' names, phone numbers, e-mail addresses, billing and shipping addresses and credit card information may have been accessed.
Osprey Packs recently began notifying its customers that their names, phone numbers, e-mail addresses, billing and shipping addresses and credit card information may have been accessed when the company's Pro Deal Web site was hacked (h/t DataBreaches.net).
The breach wasn't discovered until a customer contacted Osprey Packs on August 7, 2013 to let them know that there was unauthorized activity on the customer's credit card. The company immediately reset all users' passwords, and began to investigate the cause of the breach.
"Our investigation revealed that the breach was likely caused by a malware attack which allowed an unauthorized third party to obtain authorized administrative log-in credentials for our Pro Deal Web site ... The attack appears to have taken place as early as July 9, 2013," the company stated in the notification letter [PDF].
The company says a small number of customers have already contacted Osprey Packs to say that they believe attempts have been made to run fraudulent charges on their cards.
As a result, Osprey Packs is advising all customers to review their credit card account statements and request a fraud alert on their credit reports, but the company is not offering customers any identity theft protection services following the breach.