The Backcountry Gear website has been compromised by a substantial malware attack, which has resulted in the likely breach of personal customer payment card information.
Backcountry Gear is a supplier of lightweight backpacking and camping equipment, based in the United States. Apparently, malware was installed on the website for around three months, beginning around 27 April of this year. In addition to payment card information, names, addresses, and purchase details were also accessed.
In response, the malware was quickly removed from the website server and the compromise reported to law enforcement. Additional security measures were subsequently put in place, and steps taken to further protect customers.
The company is being forthcoming about the breach, and offering advice for those concerned about the possible security impacts.
"Our site is now secure and measures have been implemented to prevent similar attempts in the future. We are not aware of any connection between this breach and cases of fraud."
The release also explained that the company has now reported the breach to their merchant bank, as well as three major credit bureaus in the US.
"We deeply regret the inconvenience this may cause you. We take the security of your information very seriously and encourage you to contact us should you have any questions," a release posted on the website stated.
"We know we are one of many companies to experience a data breach, but we are frustrated on your behalf."
Businesses planning to put better vulnerability management practices in place need to ensure that all appropriate security systems are in place, and properly maintained. It's also important to look beyond basic software, and investigate the safety practices of staff.
For example, certain members may be accessing malicious content through work devices, or even plugging compromised storage devices into the network.