Customer information exposed by hacker

Security at’s online store was breached last weekend, and some customers later received e-mails from a computer hacker that contained credit card numbers and other personal financial information, Playboy officials confirmed Wednesday.

The breach could affect customers who visited the online store as far back as 1996, according to officials at the New York-based company.

Laura Sigman, a spokeswoman, said the e-mails were “poorly written” messages from a hacker who apparently used a return address header to send the messages. Sigman said technicians at discovered the security breach after noticing “some unusual server activity” as the e-mails were apparently being sent out.

In a follow-up e-mail sent out yesterday by Larry Lux, president of, all online customers in the past five years were advised to contact their credit card companies to be sure that no unauthorized purchases had been made on their cards.

In his e-mail, Lux assured customers that the company is “taking a number of other immediate measures to address this situation,” including the hiring of New York-based Kroll Inc., a security and investigations consultant, to audit all of’s computer systems and prevent future attacks. has also reported the breach to federal authorities and is cooperating in a criminal investigation.

“Unfortunately, Playboy is only one of a number of high-profile companies who have been subjected to this kind of malicious hacking,” Lux said in his e-mail to customers. “We recognize the value that you place on your privacy and security and want to assure you that we are doing everything possible to rectify the situation.”

The store has been online for about five years. The company wouldn’t disclose the exact steps it’s taking to prevent future attacks, nor would officials describe how the attacker entered the site.

Analysts offered mixed views about how the intrusion will affect future shoppers at

Chad Robinson, an analyst at Robert Frances Group Inc. in Westport, Conn., said that attacks like these have become well publicized, but that they don’t necessarily send customers fleeing.

“ sells products which are in high demand,” Robinson said. “I don’t think customers will stay away because a site has been hacked.” Instead, the message continues to be that buyers should be careful where they give out their personal information and should be sure they’re protected by using true credit cards, rather than debit cards, when shopping online, he said.’s reaction to the break-in was excellent, since the company quickly e-mailed customers to advise them of the problem and describe the steps being done to resolve it, he said. “All of those are confidence builders” for customers, he said. “I think that’s a good step.”

Others think the incident hurts in the eyes of customers.

Charles Kolodgy, an analyst at International Data Corp. in Framingham, Mass., said the hacker attack highlights the greatest fear of many online shoppers – that their personal information will be stolen and used by thieves.

“It does cause some problems in that area to recover from,” Kolodgy said. Some customers may choose to shop at competing sites, he said. Or they may still shop there but seek to use mail or phone payment arrangements, if available.

Eric Hemmendinger, an analyst at Aberdeen Group Inc. in Boston, said customers do remember such incidents harshly.

“This is bad news for,” he said. The invasion demonstrates that what a company does or doesn’t do to ensure security online can leave it vulnerable if protections aren’t adequate. “That image is particularly well suited here,” he said of the adult Web site.