According to a website called Computerworld, the servers which a third party uses to process orders made to the Official MLS website were the victims of a series of SQL INJECTION ATTACKS which "compromised the personal data of an unspecified number of individuals who had shopped on Major League Soccer's MLSgear.com Web site."
A letter sent to New Hampshire's Attorney General, signed by Michael Sapherstein, MLS's deputy general counsel, states that "the compromised information included names, addresses, credit and debit card data, and MLSgear.com passwords...."
MLS has mailed letters to all customers who may have been affected. They have not publically stated exactly how many people that may be, but the letter to the New Hampshire authorities says that 169 residents of that state were notified.
Now friends, I have no idea what an SQL injection is. I even read the explanation on Computerworld, and I still don't understand it. Perhaps some kind soul will put it in the simplest possible terms for me, after which I can cut and paste it into the Babelfish "English to Dimwit" translator.
But if you bought something off of MLSgear between January and August of 2007, even if you haven't gotten a letter, you might want to check your credit cart statement for plasma TV's and solid gold jewelry which they're going to want you to make payments on.