Update Florida-based web hosting company Web.com on Tuesday announced that it had suffered a data breach and payment card and personal information belonging to 93,000 customers was accessed.
The company did not say in a statement or press release whether the stolen data was encrypted, nor how it was accessed. “All Web.com customer credit card numbers are encrypted,” company spokesperson John Herbkersman told Threatpost via email.
The breach was detected Aug. 13 and Web.com said it contacted law enforcement and a security consulting firm to assist with its investigation.
Web.com said it has more than 3.3 million customers and said that it is offering a year of credit monitoring to those affected by the breach; victims were yesterday sent an email from Web.com explaining next steps.
“The security of our customer information is a high priority for Web.com. Our goals are simple – to protect our clients from internet attacks and, in the event that an attack succeeds, to fix the problem immediately,” said David L. Brown, chairman, chief executive officer and president of Web.com, in a prepared statement.
Web.com said the vector by which the attackers were able to infiltrate one of its systems was immediately shut down. In addition to credit card numbers, Web.com said the hackers also accessed personal information including names and addresses attached to the payment cards. Card validation, or security codes, as well as Social Security numbers were not compromised, Web.com said.
“Web.com has very strong and sophisticated security measures in place to protect our computer systems and we regularly review and update our security protocols,” the company said in a FAQ published on its site. “Unfortunately, cybercrime is a persistent threat in today’s world. Despite our best efforts, no business is immune.”
Web.com provides an array of hosting services, as well as domain registration, website design, management, search engine optimization and other services.
This article was updated Aug. 21 with a comment from Web.com.