The websites of U.S.-based jewelry and accessory retailer Claire’s and its subsidiary Icing were hacked, which may have let attackers steal customers’ credit card details.
Claire’s is a popular store with more than 2,000 locations in North America and Europe, as well as 6,794 concession locations and 546 franchised stores in other regions.
According to a report by cybersecurity firm Sansec, Claire’s website was compromised in April by attackers who tried to steal customers’ payment information as they made purchases on the site.
This type of cyber-attack is called a MageCart attack, in which hackers compromise a website and inject malicious scripts into various sections of it. These scripts then steal the payment details entered by customers.
Claire’s identified the issue related to its e-commerce platform on Friday and immediately took action to investigate and address it. The unauthorized code, which was designed to obtain payment card information, had been inserted into the e-commerce platform and was successfully removed by the company.
The company has taken additional measures to strengthen the security of its platform. It assured customers that cards used in its retail stores were not affected by the breach.
Claire’s has notified the payment card networks and law enforcement. It also advised cardholders to check their account statements for any unauthorized charges.
The day after Claire’s shut down its stores worldwide due to the COVID-19 pandemic, cyber criminals registered a domain named ‘claires-assets.com’.
The Sansec research team stated that this domain remained dormant until April 25th, when a malicious script was added to the claires.com website and to that of its subsidiary, icing.com.
This malicious script waits for a customer to check out and then tries to steal their payment information. According to the researchers, the script tried to steal customers’ credit card details at least between April 30th and June 13th.
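For site operators, a lookalike domain such as the one described above is the kind of reference a routine audit of checkout pages can surface. The following JavaScript is an added example, not code from Sansec or Claire’s: it lists every host a page references and reports those outside an allowlist, marking the ones that embed the site’s brand name. The sample HTML, its paths, the allowlist and all function names are constructed, and the way the real script referenced claires-assets.com is an assumption, since the report summarized here does not describe it.

```javascript
// Naive registrable domain: the last two labels. Assumption: no public-suffix
// handling, so names such as "shop.example.co.uk" need a real PSL library.
function baseDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Collect every host named in an absolute or protocol-relative URL, whether it
// sits in an attribute or inside an inline script string.
function referencedHosts(html) {
  const re = /(?:https?:)?\/\/([a-z0-9-]+(?:\.[a-z0-9-]+)+)/gi;
  const hosts = new Set();
  for (const m of html.matchAll(re)) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

// Report hosts that are neither first-party nor allowlisted (allowlist entries
// are compared by base domain). A host whose base domain embeds the site's
// brand label is marked "lookalike"; anything else is "unapproved".
function auditHosts(html, siteHost, allowedHosts) {
  const site = baseDomain(siteHost);
  const brand = site.split('.')[0];
  const allowed = new Set(allowedHosts.map(baseDomain));
  const findings = [];
  for (const host of referencedHosts(html)) {
    const base = baseDomain(host);
    if (base === site || allowed.has(base)) continue;
    const verdict = base.includes(brand) ? 'lookalike' : 'unapproved';
    findings.push({ host, verdict });
  }
  return findings;
}

// Constructed sample page; paths and third-party hosts are made up.
const SAMPLE_HTML = `
<script src="https://www.claires.com/js/checkout.js"></script>
<script src="//cdn.payments.example/sdk.js"></script>
<script src="https://claires-assets.com/constructed.js"></script>
<img src="https://tracker.example.org/p.gif">
`;

const FINDINGS = auditHosts(SAMPLE_HTML, 'www.claires.com', ['cdn.payments.example']);
console.log(FINDINGS);
```

A check like this complements a Content-Security-Policy that restricts script and connection sources to known hosts; it does not replace one.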
Sansec’s Willem de Groot said that Claire’s removed the malicious code on Saturday after receiving their report.
Any customers who made purchases on Claire’s website between April 30th and June 13th are advised to contact their credit card company and check their account statements.