BevMo tells 14,500 customers their information may have been stolen

Concord-based beverage retailer BevMo has told more than 14,000 customers there was a data breach Thursday and personal information may have been stolen. 

BevMo, a Concord-based beverage retailer, has told 14,500 online customers that their personal information, including names, addresses and credit card numbers, may have been stolen, a spokeswoman said Thursday.

BevMo Chief Marketing and Information Officer Tamara Pattison said letters telling customers of the breach were mailed on Dec. 20.

The letter is posted on the California Attorney General's website. State law requires businesses to tell customers when their data has been stolen. When more than 500 customers are affected, a business must also inform the state attorney general.  

According to the letter, an unauthorized person gained access to the website and placed malicious code on the checkout page that may have captured customers' data between Aug. 2 and Sept. 26. 

The stolen data could include names, credit card information, home addresses, billing addresses and telephone numbers.

Pattison said in the letter that its website service provider, NCR Corp., has removed the malicious code. NCR Corp. and BevMo are each investigating and have been in contact with law enforcement, she said. 

Pattison said people who buy beverages at the company's nearly 170 stores in California, Arizona and Washington were not affected. While BevMo sells beverages online, it makes most of its sales through the stores, she said.

"BevMo takes the privacy of our customers' personal information seriously and we deeply regret that this incident occurred," Pattison told customers in the letter.