A warning has been issued by the Concord, California-based alcoholic beverages retailer BevMo informing its customers about a data breach that its online store experienced between 2 August and 26 September. During the attack, credit card data of its customers was exposed.
“BevMo takes the privacy of our customers’ personal information seriously and we deeply regret that this incident occurred,” stated BevMo in its warning [PDF] to customers.
Reportedly, BevMo’s online store experienced a data breach in which the attacker managed to steal credit and debit card numbers, phone numbers, home addresses, and security codes of over 14,000 BevMo customers who have used the website during the abovementioned time period.
The company revealed that the attacker planted malicious code on the online store’s checkout page. This code was written specifically to obtain information that the customers enter while placing an order. Hence, the order information placed between 2 Aug and 26 Sept was exposed to the hacker(s).
BevMo claims that the malicious code has now been removed with the help of NCR Corporation, which is responsible for running the website, and an investigation is already launched to probe the attack.
“To help prevent something like this from happening again in the future, the service provider [NCR] is continuing to review and enhance security controls and continuing to monitor its systems to further detect and prevent unauthorized access,” BevMo explained in its warning notice.
BevMo has contacted law enforcement agencies as well as payment card firms and requesting users to remain alert and keep checking their payment card accounts and credit reports. The California attorney general’s office has also been informed about the data breach.