French computer hardware firm LaCie is warning customers who have used its Web site over the last year that hackers may have stolen their card data.
In a statement on its site, LaCie says that it has been told by the FBI that crooks appear to have used malware to gain information from transactions made through the company's Web site.
The breach, which seems to have lasted between 27 March 2013 and 10 March, puts payment card numbers and expiration dates, names, addresses and e-mails at risk.
LaCie has shut down the e-commerce part of its site while it moves to "a provider that specialises in secure payment processing services" and is asking customers to change their passwords and look out for fraudulent transactions on their cards.
The Seagate-owned firm began writing to affected customers last week, nearly a month after security blogger Brian Krebs first published evidence of a breach.
Krebs claims that the attack was carried out by hackers using security vulnerabilities in Adobe's ColdFusion software. He says that the crooks compromised dozens of sites, including those of credit card processor SecurePay and jelly maker Smuckers.