DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Batteries.com—Security Breach

Posted on May 29, 2009 by Dissent

My Take on Life reports a breach of batteries.com’s server that compromised names, addresses, and credit card data. A small number of fraud reports have already been made that may be a result of the breach.

From the FAQ on batteries.com site, where you can learn more about the incident:

  •   What happened?
    An individual or individuals illegally “hacked” into a Batteries.com server, resulting in the exposure of name, address, and credit card information belonging to customers which was collected through Batteries.com’s website.
  • When did this happen?
    We believe the hacker(s) illegally accessed Batteries.com’s server starting on February 25, 2009 and for a period of several weeks. The access diminished significantly on or around March 17, 2009 , when we took certain enhanced data protection measures, and by April 9, 2009 , the access was terminated.
  • When did Batteries.com learn of the incident?
    We first learned of the potential exposure to the server on March 13, 2009 , when a customer reported to the company potentially unauthorized activity regarding a credit card account.
  • Thanks to a reader who sent me the link to this.

    Update of June 2: A copy of Batteries.com’s notification letter (pdf) to the New Hampshire Attorney General’s Office is now available online. The letter indicates that 865 residents of New Hampshire were to be notified, but the total number of customers affected was not indicated.

    Update of July 16: A copy of their notification to the Maryland Attorney General’s Office indicates that 3,510 residents of Maryland were being notified.

    Category: Breach IncidentsBusiness SectorHackU.S.

    Post navigation

    ← Push For Electronic Medical Records Must Slow Down, For Security's Sake
    Recovered UAMS computer held worker data →

    1 thought on “Batteries.com—Security Breach”

    1. ml says:
      May 29, 2009 at 3:43 pm

      The handling has been terrible. They notified customers 2 months after knowing. In the mail it says nothing of statusing your credit card as lost stolen thought credit card numers are what were stolen.

      Wanting to know the credit card involved I called the number on the letter. A mesage provides another number that sends you to experian who has no info. There is no way to get thorugh to a person at the number provided.

      So you lookup their website to get a customer service number. I asked them to tell me which credit card I used – they said it would take 3 days to get that info for me. I told them that perhaps we should hire the hackers. They seem to have better access to the data than the employees.

      It’s been 4 days and I’m still waiting. Of course the company has gone for the day. I guess I’ll wait for the weekend to find out which credit card of mine is at risk or just cancel them all.

      why would I ever use this company again?

    Comments are closed.

    Now more than ever

    "Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

    Search

    Browse by Categories

    Recent Posts

    • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
    • New evidence links long-running hacking group to Indian government
    • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
    • Germany fines Vodafone $51 million for privacy, security breaches
    • Google: Hackers target Salesforce accounts in data extortion attacks
    • The US Grid Attack Looming on the Horizon
    • US govt login portal could be one cyberattack away from collapse, say auditors
    • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
    • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
    • CISA Alert: Updated Guidance on Play Ransomware

    No, You Can’t Buy a Post or an Interview

    This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

    And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

    Want to Get Our RSS Feed?

    Grab it here:

    https://databreaches.net/feed/

    RSS Recent Posts on PogoWasRight.org

    • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
    • Germany fines Vodafone $51 million for privacy, security breaches
    • Malaysia enacts data sharing rules for public sector
    • U.S. Enacts Take It Down Act
    • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
    • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
    • US State Dept. says silence or anonymity on social media is suspicious

    Have a News Tip?

    Email: Tips[at]DataBreaches.net

    Signal: +1 516-776-7756

    Contact Me

    Email: info[at]databreaches.net

    Mastodon: Infosec.Exchange/@PogoWasRight

    Signal: +1 516-776-7756

    DMCA Concern: dmca[at]databreaches.net
    © 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.