REGIONAL—The growing issue of online security hit the North Country this week as Grand Rapids-based L&M Supply acknowledged an unauthorized breach of credit and debit card information from the company’s online store.

The company revealed the breach in an April 23 letter to customers who shopped on the company’s online site.

The breach did not affect credit or debit card purchases from any of the company’s retail stores located in the region. L&M Supply maintains retail facilities in ten cities in northern Minnesota and northwestern Wisconsin, including stores in Mt. Iron and Hibbing.

In the April 23 letter to customers, company co-CEO Shawn Matteson stated that the breach appears to have affected payments processed for online purchases between Dec. 5, 2018, and Jan. 21, 2019. On April 9, according to Matteson, the company discovered the breach and took immediate steps to contain it. The breach may have compromised credit or debit card numbers, expiration dates, and CVV numbers (three or four-digit numbers that appear on the back of the card). That information, in combination, could allow those acquiring the data to use affected credit or debit cards for surreptitious purchases.

“Because we value our relationship with you, we wanted to make you aware of the incident,” stated Matteson in the letter. “We also wanted to let you know what we are doing to further secure your information and suggest steps you can take.”

According to a statement issued to the Timberjay by L&M Supply this week, the company “immediately commenced an investigation and worked with external cybersecurity professionals.” In addition, the company stated that it has implemented enhanced security safeguards to protect against similar intrusions. “L&M is also conducting ongoing monitoring of its website and payment portal to ensure that they are secure and clear of any malicious activity,” reads this week’s statement.

The company, in its April 23 letter, offered recommendations to any customers who believe their information may have been compromised. “As a best practice, you should call your bank or card issuer if you see any suspicious transactions. The policies of the payment card brands such as Visa, MasterCard, American Express and Discover provide that you are not liable for any unauthorized charges if you report them in a timely manner.” The company recommended that customers pay special attention to their monthly statements to look for fraudulent purchases.

The company has set up a dedicated response line for its online customers who might have questions about the breach. That number is 1-844-416-6280.