JM Bullion headquartered at Dallas; a leading online gold retailer has revealed to its customers that their website was hit by a Magecart-style data breach several months ago.
The gold bullion seller describes itself as one of the largest sellers of precious metals in the world, having sales over $3bn for the past eight years.
According to a breach notification sent to customers, the card details used to make some of those sales may have been skimmed by attackers earlier this year.
In July, 2020, JM Bullion discovered some suspicious activity on its website and they immediately started an investigation, with the help of a third-party forensic specialist, to assess the nature and scope of the incident.
On investigation, it was found that malicious code was present on the website from February 18, 2020 to July 17, 2020, that were able to capture customer information entered into the website in limited scenarios while making a purchase.
JM Bullion confirmed that the malicious code was removed from its website on July 17, but it is not known why it took so long for the company to discover the presence of malware on its systems and then several more months to notify customers.
They claim that only a small portion of the transactions processed on their website during the impacted time frame were taken. The stolen details included names, addresses, account numbers, expiry dates and security codes which could be used to perform e-commerce fraud.
Image Credits : Cryptocoin Spy