Data Compromise Notification
Oct 22, 2014 For more information check out the Data Notification FAQ
We are writing to alert you that on Oct 17th , 2014 we discovered that malware (malicious computer code) had been installed on our server which compromised customer payment card information submitted with orders to our company between Oct 11th and Oct 17th , 2014. As soon as we discovered the incident we had our Server IT professionals remove the malware and quarantine affected files. They are performing hourly scans and have seen no evidence of reoccurrence. We have reported the matter to law enforcement.
It appears that the malware was installed on Oct 11, 2014, and that it was subsequently detected, contained, and removed from our server by Oct 17, 2014. It appears that the malware caused payment card data to be stolen on orders to our company between Oct 11th and Oct 17th, 2014. The payment card data was comprised of customer names, email address, billing and mailing addresses, purchase information, the card expiration date and security code on the back of the card. Since we do not use or collect debit or credit card PINs or bank account numbers in our transactions, none of this data would have been present in a transaction and would not have been affected by the breach.
Our site is now secure and measures have been implemented to prevent similar attempts in the future. The backdoor that allowed the code to be installed was identified and secured. We are not aware of any connection between this breach and cases of fraud. We have reported the breach to our merchant bank and to the three major credit bureaus in the United States: Equifax, Experian and TransUnion. We did not provide them your personal information.
We deeply regret the inconvenience this may cause you. We take the security of your information very seriously and encourage you to contact us should you have any questions. You can call us at
Again, we apologize for any inconvenience this may create. We know we are one of many companies to experience a data breach, but we are frustrated on your behalf. We will do our best to serve you as completely and as quickly as possible. On behalf of each member of our team, thank you for your patience and loyalty.
Co-Founder and Owner of Backcountrygear.com
Please see the following State Notification Requirements
All States: You may obtain a copy of your credit report at www.annualcreditreport.com or 877-322-8228. You may also request information on how to place a fraud alert or security freeze by contacting any of the following national credit bureaus. It is recommended that you remain vigilant for any incidents of fraud or identity theft by reviewing credit card account statements and your credit report for unauthorized activity.
Equifax Experian TransUnion
P.O. Box 740241 P.O. Box 2104 P.O. Box 2000
Atlanta, GA 30374 Allen, TX 75013 Chester, PA 19022
www.equifax.com www.experian.com www.transunion.com
800-525-6285 888-397-3742 800-680-7289
Equifax Security Freeze Experian Security Freeze TransUnion Security Freeze
P.O. Box 105788 P.O. Box 9554 P.O. Box 2000
Atlanta, GA 30348 Allen, TX 75013 Chester, PA 19022-2000
www.equifax.com www.experian.com www.transunion.com
800-685-1111 888-397-3742 888-909-8872
For residents of Massachusetts: It is required by state law that you be informed of your right to obtain a police report if you are a victim of identity theft.
For residents of West Virginia: It is required by state law that you be informed of your right to place a security freeze on your credit report by contacting any of the credit bureaus listed above. A security freeze is intended to prevent credit, loans and services from being approved in your name without your consent. The security freeze is free of charge if you are a victim of identity theft and you provide a copy of an identity theft report made to law enforcement or the Department of Motor Vehicles. The consumer reporting bureau may charge a fee (generally $5.00) to lift or remove a security freeze.
To place a security freeze on your credit report, you may be able to use an online process, an automated telephone line or a written request. Written requests can be made to the addresses referenced above. Online and telephonic requests can be made to the following sites and numbers:
For residents of Iowa, Maryland, Michigan, Missouri, North Carolina, Oregon, and West Virginia: It is required by state laws that you be informed that you may obtain a copy of your credit report, free of charge, whether or not you suspect any unauthorized activity on your account.
For residents of Iowa: State law advises you to report any suspected identity theft to law enforcement or to the Attorney General.
For residents of Oregon: State law advises you to report any suspected identity theft to law enforcement and to the Federal Trade Commission.
For residents of Illinois, Maryland and North Carolina: You can obtain information from the Federal Trade Commission, and for residents of Maryland and North Carolina, from your respective state Office of the Attorney General, about steps you can take toward preventing identity theft. These addresses are set forth on the following page.
For more information check out the Data Notification FAQ
Backcountry Gear,1855 W. 2nd Ave. Eugene, OR 97402
1-800-953-5499 Ext 5 For Data Notification Information