"In response, we immediately engaged a leading cyber security company to investigate and notices were posted in every store and on our Web site," company president Eric Smidt wrote in the notification letter [PDF]. "We blocked the attack and adopted enhanced security measures to make our systems more secure than ever."
The information accessed included card account numbers, expiration dates and card verification numbers. In fewer than one percent of cases, the cardholder's name was also accessed.
"Because we cannot identify which specific cards or information were actually taken, we are notifying our customers that we have been able to identify whose cards were used during the May 6, 2013 to June 30, 2013 time frame at each impacted store," Smidt wrote.
While no credit or identity protection services are being offered to those affected, the company is advising all recipients of the notification letter to monitor their card statements for fraudulent charges.
