CLEVELAND, Ohio -- A computer hacker hit Malley's Chocolates two weeks before Easter and stole credit and debit card information belonging to 3,400 customers.

The Brook Park-based candy icon started notifying affected customers last week by mail. The data breach affected consumers who made purchases online, not those who bought items in one of Malley's 23 Northeast Ohio stores.

Consumers are encouraged to notify their banks and cancel their cards immediately -- especially in the case of debit cards because those are linked directly to people's checking accounts.

"It was awful," Malley's Chairman and co-owner Mike Malley said in an interview. "We take our customers' privacy and security very seriously."

Malley said the company learned something was amiss after it was contacted by two customers in two days in March and said they'd had fraud on the cards they used for online orders. Malley's experts confirmed a breach and the company shut down its website for four days while forensic and IT consultants fixed the issues and tested the site's security in various ways.

The company spent weeks determining which customers were affected, and found that there was a "high probability" that information for 3,453 credit and debit cards was stolen, Malley said. He believes the breach was going on for only a couple of days before they caught it and shut the site down.

The data compromised included people's names, addresses, card information and the security code printed on the card that's needed for online purchases. Most likely, the information could not be used to create a counterfeit card, because the thief wouldn't have the internal security code that's on the mag stripe that's needed for an in-person purchase. That code isn't provided during an online purchase.

Malley's took a few weeks to investigate the breach thoroughly, Malley said, and made sure it had a list of every customer affected before it started notifications. The company didn't want to stagger mailings to different people and create more confusion or stress, he said.

Malley's has set up a 24/7 call center to help affected customers, who will need account information from the letter they received if they need help understanding their exposure or what Malley's can do for them.

In this era, hacks affect small companies and monster corporations like Equifax and even supposedly secure government operations. Malley said officials don't know how the site was hacked. He said all of the website's plug-ins and security features were up to date.

The hack came at a bad time for Malley's -- two weeks before Easter -- which is typically one of the company's busiest times.

Consumers who were victims of this or any breach should consider a few safeguards: