Home lighting and furnishings retailer Bellacor has notified some of its web site customers of a recent breach. In their letter , a copy of which was posted on California’s breach report site, President and CEO James Lawrence informed those affected that their names, addresses, telephone numbers, and encrypted credit card numbers with security codes may have been acquired from temporary data files used during transactions:
We discovered that an unauthorized third party obtained unlawful access to certain temporary data files on our website. These temporary data files are used only to complete e-commerce transactions and are not otherwise retained by Bellacor.
The information accessed in the temporary files included customer name, address, phone number and encrypted credit card information. The malicious code used by the unauthorized party was discovered and contained on July 26th, and we believe it was injected by the unauthorized third party around June 7th. While our investigation is ongoing, we believe that in certain limited circumstances the unauthorized third party was able to extract such information from the temporary data files. Your recent purchase occurred during the time period when the unauthorized third party was attempting to obtain this information about our customers. While we do not have evidence that your information was compromised, we are taking precautionary measures to protect your financial security and alleviate concerns you may have.