NIS America Data Breach Compromises Customer Information

NIS America confirmed that a data breach has occurred, one that compromised customers' information including payment info and other details.

The NIS America Twitter account shared the news days ago that emails would be going out regarding the information breach. According to NIS America, the breach occurred between Jan. 23 and Feb. 26 where a third party was able to obtain customer information.

Hello everyone, you may have received an email regarding a data breach of the NISA Online Store. This is a valid and legitimate email. Please stand by as we work on resolving the issue. Thank you for your patience and understanding!

— NIS America, Inc. (@NISAmerica) March 1, 2018

Shortly after the tweet went out, the email that's reference above found its way to forums like ResetEra. One user posted the email that they'd received from NIS America that detailed exactly what happened and how the company was looking to resolve the issue.

"We are contacting you to notify you of a data breach which occurred between January 23rd, 2018 and February 26th, 2018 on online stores owned and operated by NIS America, Inc., including store.nisamerica.com and snkonlinestore.com," the email began. "This data breach allowed an unauthorized party to access customer payment and address information for new credit card orders placed between these dates.

"Our customers are our top priority, and it is our responsibility to provide a safe and secure environment for you to shop online with confidence. We would like to inform our customers of what happened as a result of this breach, the steps we have taken to resolve it, and what you can do to protect yourself."

From there, the email went on to explain that a "malicious process" had been detected on the store's checkout page on Feb. 26, one that had apparently been there since Jan. 23. The process would briefly redirect customers to another site after submitting all of their billing and payment information where the information would be recorded before rerouting customers back to the official NIS pages. This means that all purchases made still went through as normal, but it gave the third-party site time to record information for any purchases made during that time period.

As for what the customers can now do, the email provided the usual step to combat fraudulent charges or compromised payment information that include checking credit card statements and working with banks to dispute those charges. NIS America says that the issue has now been taken care of and has taken new measures to prevent future issues.

"At this time, we can say that we have identified the issue, removed it from our website, and taken steps to prevent this issue from recurring, as well as added new security to our online stores," NIS America said. "We would not be reopening our online stores if we did not feel confident that they are a safe place to shop."

NIS America also announced that codes for $5 off customers' next purchase will be going out as an apology gift.