Attorneys for Eye Safety Systems have notified the New Hampshire Attorney General’s Office that they believe that a compromise of their web site, hosted by an unnamed third party vendor, may have compromised customers’ credit card transaction data.
The firm reports that although the database “used a method of encryption,” the hackers may have acquired the decryption key. As a result, customers’ names, addresses, phone numbers, e-mail addresses, and credit card data may have been acquired in the May 2011 incident.
ESS learned of the incident on May 27 and sent out e-mail notifications to customers on May 28. They also moved their database to a dedicated server and improved security measures, including the method of encryption.
Customers were notified by postal mail on July 29 and offered free credit monitoring services. There was no indication in the notification that there had been any reports of misuse of data, and the total number of customers affected was not reported.