Kahr Arms and Magnum Research data breach

[The Annoyed Man]

I got a letter in the last couple of days that I thought I'd warn you about.....

It is from SAEILO, presumably the parent company that owns both Kahr Arms and Magnum Research, warning of a data breach that occurred on their host's servers between February and December of 2016. Among other things, the letter says:

What Happened?

The third-party provider for our websites www.kahr.com and www.magnumresearch.com experienced an intrusion last year. Our site is operated for us by a third-party company "Aptos" (our "platform provider"), and it was the platform provider's systems that experienced the intrusion. The intruder or intruders placed malware on the platform provider's servers, and by doing so gained access to our customers' payment card data. To date, the investigation indicates that the intrusion began in approximately February 2016 and ended in December 2016. The attackers gained access to customer information including payment card numbers as customers made transactions on the platform provider's systems, and had access to historical payment card data. Because you have provided your payment card information to us in the past, we are notifying you about this data breach.

You may wonder why you are hearing about the breach now. The platform provider for www.kahr.com and www.magnumresearch.com did not discover the breach until November. in addition, law enforcement is investigating, and asked that the notification to customers be delayed to allow the investigation to move forward.

What Information Was Involved?

The information that the attacker had access to includes your first and last name, your address, your email address, your phone number and any debit or credit card numbers with expiration dates you have have used on our website.

For my own part, my online purchase history with Kahr consists of two transactions (a couple of holsters), just 3 or 4 days apart, back in June of 2011. I no longer have the same phone number or email address that I used for those purchases, and the card used has long since expired. Heck, my bank even changed names in the interim. So, they have my name and address. Oh well. So do a lot of other people.

However, one thing that bears looking into is what other online businesses you might have purchased from that are hosted by Aptos, since the intrusion was into Aptos's data, not their hosted clients. To contact Aptos to find out for certain, here is their contact page: https://www.aptos.com/contact-us/.

[puma guy]

I got a letter in the last couple of days that I thought I'd warn you about.....

It is from SAEILO, presumably the parent company that owns both Kahr Arms and Magnum Research, warning of a data breach that occurred on their host's servers between February and December of 2016. Among other things, the letter says:

What Happened?

The third-party provider for our websites www.kahr.com and www.magnumresearch.com experienced an intrusion last year. Our site is operated for us by a third-party company "Aptos" (our "platform provider"), and it was the platform provider's systems that experienced the intrusion. The intruder or intruders placed malware on the platform provider's servers, and by doing so gained access to our customers' payment card data. To date, the investigation indicates that the intrusion began in approximately February 2016 and ended in December 2016. The attackers gained access to customer information including payment card numbers as customers made transactions on the platform provider's systems, and had access to historical payment card data. Because you have provided your payment card information to us in the past, we are notifying you about this data breach.

You may wonder why you are hearing about the breach now. The platform provider for www.kahr.com and www.magnumresearch.com did not discover the breach until November. in addition, law enforcement is investigating, and asked that the notification to customers be delayed to allow the investigation to move forward.

What Information Was Involved?

The information that the attacker had access to includes your first and last name, your address, your email address, your phone number and any debit or credit card numbers with expiration dates you have have used on our website.

For my own part, my online purchase history with Kahr consists of two transactions (a couple of holsters), just 3 or 4 days apart, back in June of 2011. I no longer have the same phone number or email address that I used for those purchases, and the card used has long since expired. Heck, my bank even changed names in the interim. So, they have my name and address. Oh well. So do a lot of other people.

However, one thing that bears looking into is what other online businesses you might have purchased from that are hosted by Aptos, since the intrusion was into Aptos's data, not their hosted clients. To contact Aptos to find out for certain, here is their contact page: https://www.aptos.com/contact-us/.

I have made a couple of purchases from then, but so far I've received no notification. I can't remember exactly how far back it was, but I believe one may have been after 2011. I'll wait and see. Thanks for posting.