Jacksonville, Fla.-based apparel retailer Stein Mart Inc. disclosed a data breach that may have compromised customer data, including names, addresses, email addresses and credit card information.
In an email sent by Stein Mart, the company urged customers who placed or attempted to place orders on its website May 19, June 1, June 5, July 8 and July 9 to check their payment card statements for unauthorized charges.
Stein Mart's third-party vendor, Annex Cloud, warned the retailer of the potential time periods when data entered by customers during the checkout process could have been captured, according to a copy of the letter posted on Twitter by ZDNet Security News Editor Catalin Cimpanu.
Annex Cloud provides a service that allows users to log into e-commerce websites using their accounts from other platforms, such as Facebook Inc. or Amazon.com Inc.
Stein Mart said Annex Cloud informed the company about an unauthorized code added to Annex Cloud's code that it uses to enable logins. The technology company removed the unauthorized code July 9.
The company advised customers to report unauthorized charges to their bank, adding that it has already removed the Annex Cloud login feature from its website while an investigation is ongoing.
Meanwhile, within an hour after posting the Stein Mart data breach, Cimpanu posted another email from sportswear retailer Title 9 Sports Inc., another client of Annex Cloud, warning of a similar security breach.