But the hardware company speculated that all transactions between March 27, 2013 and March 10, 2014 were possibly affected.
Brian Krebs, the former Washington Post reporter who first broke the Target security breach story last winter, reiterated on his security blog on Tuesday that he previously published evidence about the LaCie attack last month.
Krebs said that had the digital storefront had "been compromised by a group of hackers that broke into dozens of online stores using security vulnerabilities in Adobe's ColdFusion software."
To recall, Adobe was hit by an attack last fall, leaving both customer information and source codes for numerous Adobe products vulnerable, including Adobe Acrobat, ColdFusion, and the ColdFusion Builder. In that case, although the original estimated number of accounts affected hovered under three million, the count was later updated to approximately 38 million. The ColdFusion holes have since been patched.
As for LaCie, customer names, addresses, email addresses, and payment card numbers and card expiration dates are all at risk as are usernames and passwords could also have been accessed. LaCie asserted it already required users to reset their passwords.
LaCie said it started notifying affected customers via letter on April 11, 2014.
Along with the FBI, LaCie said it had tapped an unnamed forensic investigation firm to help with the investigation as well as deploy new security measures. In the meantime, LaCie has shuttered its digital store until the payments infrastructure can be fully secured.