dcsimg

Power Equipment Direct Acknowledges Data Breach

Download our in-depth report: The Ultimate Guide to IT Security Vendors

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

Power Equipment Direct (PED) recently began notifying an undisclosed number of customers that their personal information may have been accessed when the server that handles the company's checkout process was infected with malware.

Affected websites include AirCompressorsDirect.com, SnowBlowersDirect.com, PressureWashersDirect.com, ElectricGeneratorsDirect.com, MowersDirect.com, WaterPumpsDirect.com, SumpPumpsDirect.com, ChainSawsDirect.com, LogSplittersDirect.com, TillersDirect.com, LeafBlowersDirect.com, ClippersDirect.com and StringTrimmersDirect.com.

The malicious code, which captured and transmitted screenshots of checkout pages, was active on the server from the evening of May 4, 2014 until the morning of May 5, 2014, when it was discovered.

"This code was disabled upon discovery and additional steps taken to ensure the attackers could not gain re-entry to the payment servers. ... Please know that PED is taking steps that will prevent this from happening again in the future," PED president John Hoch wrote in the notification letter [PDF].

All those affected are being offered one free year of identity protection services from AllClear ID.

Submit a Comment

Loading Comments...