Yvonne T. Betowt reports:
University of Alabama fans who bought items from Bamastuff.com between Aug. 1, 2009, and Jan. 16, 2012, are being alerted to contact their banks for possible illegal and unauthorized use of their credit cards.
Bamastuff.com has sent out email notifications informing customers about a breach in its database, which was discovered this week by the company’s IT director, David H. Jones.
In his email, Jones says information including customers’ names, email addresses, billing and shipping addresses, telephone numbers, credit card information and/or a cryptographically scrambled passwords (not the actual password) could have been stolen.
“We can’t tell you how sorry we are this has happened and apologize for any inconvenience this has caused,” Jones said in the email. “We are still investigating to see how it happened and to figure out exactly what was taken but to err on the cautious side we wanted to inform you of this incident. ”
In a phone interview with The Huntsville Times, Jones said he knows of numerous fraudulent charges made on Bamastuff.com customers’ bank accounts.
Read more on al.com.
Disappointingly, the web site says “BAMASTUFF.com is a secure site that respects and honors your privacy.” but there is no notice or alert on the home page about the breach.