ID Parts, LLC is notifying approximately 12,000 customers that malware inserted in their server for their e-commerce site (idparts.com) may have captured payment card information between January 2014 and October 28, 2014.
ID Parts was alerted to the breach by American Express, whose fraud investigation had pointed to ID Parts as the common point of compromise.
Somewhat curiously (to me, anyway), ID Parts, LLC did not notify law enforcement about this breach, although I can’t imagine why they wouldn’t share this information with law enforcement so that law enforcement can track the type of malware and its prevalence in the wild.
You can read ID Parts’ notification to the New Hampshire Attorney General’s Office with a template customer notification letter here (pdf).