DLP Lamp Source, a distributor of replacement DLP and LCD lamps, is in the process of notifying its customers of a data-breach incident, which exposed their personal information and credit-card details. The company notes that the administration portion of its website was compromised by unknown attackers.
We have become aware of this incident after one of our readers, who prefers remaining anonymous, has forwarded us the notification letter (PDF) the company sent to its customers. The document does not go into very specific details, but notes that the breach was discovered recently and that law enforcement agencies have launched an investigation.
Read more on Softpedia.
The notification letter is short on the kind of details most readers of this site would be seeking. The company writes:
We are currently cooperating with law enforcement agencies to investigate the incident. Through our investigation, we have determined that the personal information involved in this incident included the names and credit card numbers of DLP Lamp Source customers. We wanted to give you notice so that you can take action to protect yourself. We also are thoroughly investigating the incident and examining the measures we can take to help prevent incidents of this kind from happening again. The first step that was taken was to determine how a portion of the website was compromised and immediately resolve the issue. The website server was locked down and data source tables cleaned. The source of the security compromise was isolated and blocked immediately.
While it is good news that they could quickly isolate and block the problem once they became aware of it, there is no indication when the breach occurred or for how long customer data may have been exposed before the company detected the breach. Nor is there any indication as to how many customers were affected. Perhaps we will learn more if they notify any of the states that make their reports available.
DLP Lamp Source did not offer affected customers any free credit monitoring or restoration services.
Update: 1070 residents of Maryland were notified of the breach.