The Washington Post

Easton-Bell Sports reports data breach at its online vendor

Yet another retailer has disclosed a data breach — this time affecting only online customers. Easton-Bell Sports, which owns several sports brands, said Tuesday that it was also the victim of a data intrusion that swept up the personal and financial information of an undisclosed number of customers.

In a statement posted on its Web site, the Southern California-based company, which owns the brands Easton, Bell, Riddell, Giro, Blackburn and Easton Cycling, said that hackers were able to attack vendor servers using malicious software.

The company said that the incident may have started Dec. 1 and affected customers who bought online goods between Dec. 1 and Dec. 31. The servers contained information such as names, addresses, telephone numbers, e-mail addresses, credit card numbers and the “three or four digit credit card security code.” Easton-Bell did not say how many customers were affected by the breach. The company is offering credit protection services to affected customers.

The intrusion is the third widely publicized data breach to have hit a retailer in December, following higher-profile attacks on Target and Neiman Marcus.

Investigations into those attacks are ongoing, but they are believed to have been carried out by hackers who infected the register payment systems in physical stores. The Easton-Bell attack is notable because it specifically affected online customers. The company did not link its data breach to Target’s or Neiman Marcus’s in the statement.

The cybersecurity firm IntelCrawler last week said six other unnamed retailers were hit by versions of the same malware that breached Target and Neiman Marcus systems. Easton-Bell was not one of the six retailers on that list, IntelCrawler President Dan Clements said.

Once Easton-Bell learned about the attack, the statement said, the affected servers were shut down and rebuilt to clear away traces of the bad software. A computer forensic specialist has been hired to investigate the breech.

“We regret any inconvenience this may have caused and assure our customers we are doing everything we can to protect them,” the firm said.

The company did not immediately respond to a request for comment. It is owned by the private equity firm Fenway Partners and produces sporting equipment such as bats, biking helmets and football helmets.

Hayley Tsukayama covers consumer technology for The Washington Post.
Show Comments

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.