The Chicago Yacht Club has determined that a piece of malware was installed on one of its point-of-sale (PoS) servers between April 26 and June 21, the organization said on Sunday.
The breach was discovered after the club called in a security company to investigate a crash of its PoS service which took place on June 15. The security firm found the threat on June 21, and the affected server was taken offline.
The yacht club's representatives reported that customer names, addresses, and credit card or bank account numbers could have been accessed by the malware, although the security company hasn't been able to determine if the information was actually copied by the attacker.
The organization is confident that only customers who have paid with their cards between April 26, 2014 and June 21, 2014 are affected, but the number of potential victims has not been specified. Individuals whose information has been exposed have been offered identity protection services via AllClear ID for a period of 12 months, at no cost.