Cyber Incident Victim: Nite Ize

In early March 2015, Nite Ize's online store experienced a cyber attack compromising approximately 309 credit card transactions processed between March 3 and March 11. The breach occurred through unauthorized access to the e-commerce platform hosted and managed by a third-party website services provider. On March 11, this provider alerted Nite Ize that credit card numbers used for transactions during the attack window had been compromised. Two days later on March 13, the provider further notified Nite Ize that attackers may have gained access to a general customer database containing records for approximately 50,000 global customers. The compromised credit card data included specific card numbers, while the potentially accessed customer database held names, usernames, passwords, mailing addresses, email addresses, and phone numbers.

Nite Ize immediately implemented measures to prevent additional unauthorized access upon receiving the March 11 notification. Following the March 13 update about potential database exposure, the company mandated password resets for all users and initiated notifications to all potentially affected individuals through multiple channels. In a March 27 FAQ posted on its website, Nite Ize clarified that forensic investigations had found no evidence confirming database access or data exfiltration from the customer database. However, citing precautionary principles, the organization proceeded with full disclosure to customers and relevant authorities. The company's response included continued cooperation with cybersecurity professionals to reinforce system protections while maintaining transaction processing capabilities throughout the remediation period.