Data Notification FAQ

What happened? On November 4, 2016, we were informed by our website developer that customer payment card information may have acquired without authorization due to malware on the site. We immediately began an investigation, and confirmed that payment card information used to make online purchases on our site between September 26, 2016, and early November 5th, 2016, may have been acquired without our customer’s authorization due to malware on the site.

What information was involved? The following information may have been accessed: payment card information, including names, billing and shipping addresses, email address, Backcountrygear.com account password, payment card numbers, security codes and expiration dates.  Since we do not use or collect debit or credit card PINs or bank account numbers in our transactions, none of this data would have been present in a transaction and would not have been affected by the breach.

What are we doing? As soon as we were learned that customer payment card information may have been acquired without authorization, we immediately began an investigation, scanned for malware, removed the malware, and took measures to increase the security of our system. We also notified our merchant bank and the payment card networks so that they can coordinate with card issuing banks to monitor for fraudulent activity on cards used during the timeframe in which cards may have been compromised. We also notified the Eugene, Oregon, Police Department and filed a police report. We are also working with our website host to ensure that the security of our system has been enhanced, with the goal of making it more difficult for a similar incident to occur in the future.

What you can do: You can follow the recommendations in the notification letter to protect your personal information. This may include reviewing your payment card account statements closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You should also promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (FTC).
If the credit or debit card used in Backcountry Gear transactions between September 26, 2016, and early November 5, 2016 has not yet been replaced, you should contact your card issuer, inform them of the data breach, and request a new card.  We also encourage you to change the password to the account you hold with us.  How to change your account password.

What can be done to protect my identity? You can follow the recommendations in the notification letter regarding protection of your personal information, such as regularly reviewing credit card account statements.

When did it happen? On November 4, 2016, we were informed that customer payment card information may have been acquired without authorization, and later confirmed that payment card information used to make online purchases on our site between September 26, 2016, and early November 5, 2016, was acquired without authorization.

Has my payment card information been misused? We don’t know. We learned that some customer payment card information had been misused, but we do not know how many customers have been affected.

What are we doing to prevent it from happening again? Our system was scanned and the malware was removed. We also took measures to increase the security of our system with the goal of making it more difficult for a similar incident to occur in the future.

Status of site now: Fully secure. The backdoor that allowed the code to be installed was identified and secured.  Our website programmers have removed the malware and quarantined affected files.  We are continuing to monitor the site security.

I placed my order using Paypal:  We encourage you to change the password to the account you hold with us.  How to change your account password. If you use the same password for your PayPal account you should change that password.

For more information: Please contact our help line at 800-953-5499 ext. 5.