Minnesota-based Creative Banner Assemblies recently began notifying 232 customers that their names, addresses, phone numbers and unencrypted credit card information may have been accessed when the company's Web site was breached.
According to the notification letter [PDF], an attacker used malicious code to gain access to temporary data files on the Web site, which are used to complete e-commerce transactions. The malware was discovered on July 22, 2013 -- the company believes it was injected on or around June 1, 2013.
"We are taking measures designed to prevent a recurrence of such an attack, including removing the malicious code and modifying relevant procedures and processes on our Web site," Creative Banner Assemblies vice president of sales Brian Knoop wrote in the notification letter. "We have also mounted an aggressive investigation into the circumstances surrounding the situation, including working with the appropriate authorities. We have conducted a review of our own internal security and training, and are implementing additional security procedures."
All those affected are being offered a free one-year subscription to the ITAC Sentinel Plus credit monitoring and identity theft protection service.