On April 26th AIM Surplus sent a notice of data breach to the state of California regarding a breach of their image database that occurred on April 4th 2016. This database housed images of customer names, images of their firearm licenses, and documents used for age verification. Many US shooters have purchased something from AIM surplus and are affected by the breach, I myself fall into that category. At this time there is no indication as to how extensive the breach was and how far back the data goes. The notice did state that no payment information, order history, or account information had been compromised, only the names of customers and their state IDs.
AIM does appear to be offering a year of free ProtectMyID from Experian to help their customers detect if their information has been misused. AIM Surplus also has removed all the images from the server and is working with a security firm to fix the lack of security with their upload feature. The security firm will also be taking a hard look at the entire site for any other potential security issues. You can read the notice below or visit the link here to view the notice on the State of California’ server here.
I reached out to AIM Surplus and there has been no comment as of this time.