The UK e-commerce store Sweaty Betty has announced that threat actors managed to insert malicious code into its website and steal customer payment details.
In an email sent to customers on Tuesday, the store had recently been made aware of ”unusual activity” on its website.
The email went on to add that a malicious third party had gained unauthorised access to a part of the retailer’s website and added malicious code to capture information entered during the checkout process.
The stolen data include names, email addresses, telephone numbers, billing addresses, passwords, card number, CVV number and expiry date.
Customers who made orders online or over the phone between November 19 and 27 are said to be the ones impacted. However, the firm has not revealed the total amount of customers who had their card details stolen.
Sweaty Betty has launched an investigation into the attack, and the UK’s Information Commissioner’s Office has also been notified.
A spokesperson from the store told Essential Retail that the issue has now been resolved.
“We take data security extremely seriously and the privacy of our customers remains our highest priority.”
“Unfortunately, when armed with payment card information or personally identifiable information, malicious parties can make fraudulent purchases, sell said data on the dark web for a quick profit and much more.” said Anurag Kahol, chief technology officer at Bitglass Inc.
“While this breach is said to have occurred ahead of Black Friday and Cyber Monday, the holiday shopping season is not over. Companies must deploy security solutions that can prevent data leakage.”
The post #Privacy: UK retailer falls victim to Magecart attack appeared first on PrivSec Report.