The France-based storage manufacturer says its website may have been compromised for the better part of a year.
I’ve always thought of LaCie as more of a boutique storage-maker, the sort of outfit you’ll pay a little more to get something in orange, because hard drives always look better in orange.
The company sells storage devices with names like Blade Runner and Quadra and Porsche. I have one of the latter sitting on my desk right now, an aluminum brushed-nickel-finish brick with the company logo — all caps, the “C” bigger still — grandiloquently etched into the side. LaCie even sells a one-terabyte thingamajig audaciously dubbed the Christofle Sphère (Christofle being the French designer’s name, Sphère apparently being the French word for something that looks like it’d be right at home in Miss Cleo’s parlor) that’ll set you back $500. For one terabyte.
Now it seems the company has been hacked, or at least it’s pretty sure that’s the case. It’s put up an “incident notification” explaining that the FBI told it evidence has been found that someone used malware to breach its website and potentially accessed transactions occurring between March 27, 2013 and March 10, 2014. That’s no typo: the company’s basically admitting its site may have been exposed for the better part of a year, and during that year, the ne’er-do-wells may have accessed names, addresses, email addresses, account usernames and passwords, as well as credit card numbers and expiration dates.
It’s ultimately bad news for Seagate, a hard drive maker U.S. buyers are probably more familiar with: Seagate announced plans to snap up LaCie in May 2012, and the acquisition was completed in August 2012.
It’s also bad news for LaCie’s reputation as a purveyor of security wares. The company makes something called “Private-Public,” for instance, a Mac/PC-based encryption tool it markets to customers looking to encrypt files (documents, personal photos, passwords, etc.) on mobile devices. The breach didn’t involve access to the software, as far as anyone knows, but the last thing you want, obviously, is an albatross like this when you’re trying to present yourself as a credible security firm.
If you have a LaCie web account, the company has a “what you can do” to protect yourself FAQ (while it conducts a forensic digital analysis) here.