For a company that prides itself on making hard drives that are among the most secure in the category, the strong indications hackers used malware to copy customer data details during transactions at the company''s online store are cruelly ironic.
LaCie, acquired by Seagate in 2012, has alerted the FBI that credit card details and passwords of shoppers who used the site between March 2013 through March of this year may have been stolen.
The fact the theft went unnoticed for such a long time period is getting attention all over the data security industry.
With a portfolio of storage products that promise the latest in data security technology, the news of a security breakdown on LaCie's website could prove to be quite damaging. For the problem to go undetected by a data security vendor is perplexing, to say the least.
On the company website LaCie frequently notes the importance of "ultra-secure professional network storage" and that network storage "needs to be fast, secure and reliable." After a year of undetected hacking of their online store, there will be many claiming that perhaps the company does not practice what they preach.
Graham Cluley, who runs a website on the subject of computer/data security commented this morning that, "customers should also be asking the company tough questions about why it didn't spot the intrusion earlier, and whether it had put enough resources into properly penetration testing its site to find and resolve weaknesses."
On the LaCie website the company posted an Incident Notification warning that reads in part:
On March 19, 2014, the FBI informed LaCie that it found indications that an unauthorized person used malware to gain access to information from customer transactions that were made through LaCie's website. We have hired a leading forensic investigation firm, who is conducting a thorough investigation, and assisting us in implementing additional security measures. As a precaution, we have temporarily disabled the e-commerce portion of the LaCie website while we transition to a provider that specializes in secure payment processing services. We will resume accepting online orders once we have completed the transition.
While LaCie's competitors will surely be tempted to pounce on this news for competitive gain, perhaps this incident is better served as a warning for all online businesses to make sure they are taking the necessary precautions to ward off security breakdowns in the future as they are happening all too frequently of late.