Cyber Incident Victim: EyeBuyDirect

Unauthorized access to EyeBuyDirect’s website occurred between February 9 and May 30, 2015, with attackers operating from a Russian IP address compromising customer data. The breach exposed personally identifiable information and payment card details, including names, mailing addresses, shipping addresses, phone numbers, email addresses, credit card numbers, and CVV security codes. EyeBuyDirect discovered the intrusion on June 16, 2015, though the exact number of affected individuals remains undisclosed. Forensic investigators were engaged to assess the incident, concluding their analysis with a final report delivered to the company on September 22, 2015. The attackers’ access pathway and specific exploitation methods within the website infrastructure were not detailed in public disclosures.

Upon confirming the breach, EyeBuyDirect terminated the attackers’ access and implemented additional security measures to prevent recurrence. The company began notifying potentially affected customers by October 13, 2015, offering a complimentary year of identity theft protection services. No evidence suggested misuse of exposed payment card data at the time of disclosure. The incident prompted operational adjustments to reduce future vulnerabilities, though technical specifics of these enhancements were not publicly documented. New Hampshire’s Department of Justice published an official breach notification coinciding with customer outreach efforts, confirming the compromise timeline and data types involved.