From the email, the breach may have happened between January 2018 and October 2018. Here is the email in full…
Dear Valued Customer,
It is with deep regret that I am writing to inform you of an incident involving access to information associated with online purchases made on our websitewww.hammernutrition.com. We are providing notice to you and other potentially affected customers about the incident, along with the steps we have taken to remediate this malicious breach, and assurance that our site is now secure.
We discovered that our website, www.hammernutrition.com, experienced an intrusion earlier this year. A third-party company (our “website provider”) operates our site. The website provider’s systems experienced the intrusion. The intruder or intruders placed malware on the website provider’s servers, and by doing so gained access to our customers’ payment card data. Our investigation indicates that the intrusion began approximately in January 2018 and ended in October 2018. The attackers gained access to customer information, listed below, as transactions were made on the website provider’s systems. Because you used your payment card information for web orders in the past, we are notifying you of this data breach.
What Information Was Involved?
The information that the attacker(s) had access to included: debit/credit card number, expiration date, and three-digit credit card validation code. No other customer information was accessed.
What Are We Doing?
Our website provider has worked with a leading cybersecurity firm to identify and remove the malware from its systems. Our website provider is actively monitoring the platform to safeguard personal information. A web application firewall has also been installed. Additionally, we have secured our e-commerce credit card payment methodology by employing a third-party hosted provider for communications and management of customer’s personal information, including credit and debit card data. Our website,www.hammernutrition.com, is now 100% secure and safe to use for credit card transactions.
I am very sorry about this data breach and any inconvenience it may have caused you. I appreciate your patronage up until now and hope that it will continue in the future. We strive to not only provide you with superior products, knowledge, and customer service, but also to ensure you can safely and securely do business with us in this age of the internet. Our vigilance is heightened in this modern e-commerce era, and we will continue to invest in systems and technologies to achieve these goals.
For More Information
If there is anything else that I can do to assist you, please call 800.336.1977 on weekdays between the hours of 9:00 a.m. and 5:00 p.m. Mountain Time.
Owner, Founder and CEO