
Below is the official statement from bodybuilding.com regarding this data incident.
Bodybuilding.com recently became aware of a data security incident that may have affected certain customer information in our possession. We have no evidence that personal information was accessed or misused, but we are directly notifying all current and former users and customers out of an abundance of caution. We have included below information about the circumstances as we understand them and the steps we are undertaking to address the situation.
If you have additional questions about the incident, we encourage you to call our dedicated call center at 1-844-386-9553, 8:00 am to 10:00 pm CT Monday through Friday, and 10:00 am to 7:00 pm CT Saturday and Sunday.
We sincerely regret any inconvenience or concern caused by this incident. We are committed to protecting your information and maintaining your trust and confidence.
FAQs
1. What Happened?
We became aware of a data security incident involving unauthorized access to our systems in February 2019. We engaged one of the leading data security firms to conduct a thorough investigation, which traced the unauthorized activity to a phishing email received in July 2018. On April 12, 2019, we concluded our investigation and could not rule out that personal information may have been accessed. While we have no evidence that personal information was accessed or misused, we are notifying all current and former customers and users about the incident out of an abundance of caution to explain the circumstances as we understand them.
2. What Actions Are You Taking In Response To This Incident?
Upon discovering the incident, we took steps to understand the nature and scope of the issue, and brought in external forensic consultants that specialize in cyber-attacks. We have engaged with law enforcement and are working with leading security experts to address any vulnerabilities and remediate the incident.
We continue to monitor our systems for unauthorized access, have introduced additional security measures, and will be resetting Bodybuilding.com customers’ passwords on their next log-in.
3. Was Any Credit Card Data Affected?
The information potentially accessed in this incident does NOT include full credit or debit card numbers, as we do not store those numbers when customers make purchases in our store. If you’ve opted to store your card in your account, we store only the last four digits of your payment card number for reference and use by you for subsequent purchases, but never the entire card number.
4. What Data Was Involved?
While we have no evidence that personal information was accessed or misused, information you provided to us which might have been accessed in this incident could include name, email address, billing/shipping addresses, phone number, order history, any communications with Bodybuilding.com, birthdate, and any information included in your BodySpace profile. Note that BodySpace profile information is generally already publicly visible to others, as noted in our applicable Privacy Policy and Terms of Use available here: https://www.bodybuilding.com/help?legal-and-privacy. If you have an online account with us, Bodybuilding.com user names and passwords might have been accessed.
Importantly, the information potentially accessed in this incident does NOT include full credit or debit card numbers, as we do not store those numbers when customers make purchases in our store. If you’ve opted to store your card in your account, we store the last four digits of your payment card number for reference and use by you for subsequent purchases, but never the entire card number.
In addition, if you accessed www.bodybuilding.com via a third-party site like Facebook, we did not have access to your password, and it was not accessible to the unauthorized party.
5. Were Customer Or Online User Social Security Numbers Affected By This Incident?
No, we do not collect Social Security Numbers from customers or online users.
6. Has The Issue Been Resolved?
We have worked with an outside security expert to address the vulnerabilities and remediate the incident. We appreciate your business and look forward to continuing to serve your needs.
7. What Is Bodybuilding.Com Doing To Protect My Information?
Once we became aware of the incident, we quickly took steps to determine the nature and scope of the issue. We are working with a leading data security firm to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.
We Are Taking Steps To Protect Our Community, Including The Following:
- We are notifying Bodybuilding.com users to provide information on how they can protect their data.
- We will be requiring Bodybuilding.com users to change their passwords and urge users to do so immediately. Instructions about how to change your password are below.
- We continue to monitor for suspicious activity and to coordinate with law enforcement activities.
- We continue to make enhancements to our systems to detect and prevent unauthorized access to user information.
8. I Think I Received An Email About This Issue. How Do I Know It Is Really From Bodybuilding.Com?
Emails were sent to all current and former users and customers regarding this issue. Please note that the email from Bodybuilding.com does not ask you to click on any links or contain attachments and does not request your personal data. If the email you received about this issue prompts you to click on a link, suggests you download an attachment, or asks you for information, the email was not sent by Bodybuilding.com and may be an attempt to steal your personal data. Avoid clicking on links or downloading attachments from such suspicious emails. Any link included in our email to users directs users to insert the Bodybuilding.com FAQs URL into your browser and does not request your personal data.
Emails from Bodybuilding.com will never request your personal information and will always come from the domain @bodybuilding.com.
9. What Should I Do To Protect My Information?
We take our obligation to safeguard your personal data very seriously and are alerting you about this issue so you can take steps to help protect your information. We recommend you:
- Change your password for any other account on which you used the same or similar information used for your Bodybuilding.com account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
- Avoid clicking on links or downloading attachments from suspicious emails.
10. How Do I Change My Password?
You can change your password via the following methods:
- If you are currently logged in, you can change the password for your account on the Change Password Page in BodySpace settings (https://www.bodybuilding.com/profile/change-password).
- If you’ve forgotten or misplaced your password, please go to the Reset Password Page and follow the prompts (https://www.bodybuilding.com/profile/forgot-password).
These instructions can always be found on our “Account Inquiries” Help Page in our Help Center at www.bodybuilding.com/help
11. Where Can I Get More Information?
We have established a dedicated call center to answer any questions you may have. You can reach the call center at 1-844-386-9553 between 8:00 AM – 10:00 PM CT, Monday through Friday, or 10:00 AM – 7:00 PM CT, Saturday and Sunday.
We sincerely regret any inconvenience or concern caused by this incident. We are committed to protecting your information and maintaining your trust and confidence.