After identifying suspicious activity within our e-commerce site on February 8, 2017, we immediately initiated an internal investigation and engaged external IT consultants to assist us. By february 10th, we identified the malicious code, permanently removed it from our site, and took additional steps to prevent a similar intrusion.We have learned that certain customer credit and debit card information may experience been obtained by an unauthorized party from our payment portal when purchasing through our online store at www.rods.com, from october 11, 2016 through february 10, 2017. We make not store card data on our website; this data was taken during the transaction. Purchases through our physical retail location and phone heart were not impacted by this incident.What Information Was Involved?Based on our investigation, the information potentially involved in this incident may have included your name, credit or debit card number, card expiration date and CVV2/CVC2/CID/CVD (security cipher on the face or back of the card). Debit pin numbers were not obtained during this incident. More information: https://oag.ca.gov/ecrime/datahack/reports/sb24-66493