Bodybuilding.com notifies users of a security breach that occurred last year
- The breach impacted its IT systems and customers’ personal details.
- The firm detected unauthorized activity on one of its employee’s email in February 2019.
‘Bodybuilding.com’, the biggest online store for fitness and bodybuilding enthusiasts disclosed that it has suffered a data breach. The breach impacted its IT systems and customers’ personal details.
What happened - In a notification related to the breach, the firm revealed that it detected unauthorized activity on one of its employee’s email in February 2019. Upon thorough investigation, it was found that the malicious activity was due to a phishing email received in July 2018.
On April 12, 2019, the firm completed its investigation and found no evidence of misuse of data.
“We became aware of a data security incident involving unauthorized access to our systems in February 2019. We engaged one of the leading data security firms to conduct a thorough investigation, which traced the unauthorized activity to a phishing email received in July 2018. On April 12, 2019, we concluded our investigation and could not rule out that personal information may have been accessed,” the firm said in its report.
What data was involved - While there is no proof that the information was accessed or misused, Bodybuilding.com believes that the hackers might have gained access to personal information of customers. This include name, email address, billing/shipping addresses, phone number, order history, any communications with Bodybuilding.com, birthdate, and any information included in your BodySpace profile.
However, no credit or debit card numbers and Social Security numbers are compromised in the incident.
What steps are taken - The firm has started notifying the users about the breach. In addition, it has asked all its users to change their passwords immediately. They are are also advised to review their accounts for suspicious activity.
Meanwhile, the firm is enhancing the security of its systems in order to detect and prevent such unauthorized access in the future.