HBDirect.com suspects that its web site was breached and that customers’ names, addresses, phone numbers, e-mail addresses and credit card numbers were stolen.
In a letter to those affected which is not the typical letter I’m used to reading, company principal Paul Ballyk not only explained what an SQL injection attack is, but noted that even though the customer data were encrypted on the site, they believe that the hackers may have cracked the encryption code. Kudos to them for not trying to minimize the risk.
Customers who used the web site between December 1, 2009 and February 10, 2010 were notified of the potential compromise of their information. While the company did not offer free services such as credit monitoring, I liked how the president of the company invited people to email him or call him directly if they had questions.