This could be the most expensive data breach ever

[Karlston]

This could be the most expensive data breach ever

Hack at gold merchant went undiscovered for five months

(Image credit: Shutterstock)

 

An online retailer of precious metals has revealed that it has been the victim of a significant data breach.

 

 JM Bullion, which sells gold, silver, copper, platinum and palladium, became the victim of a cyberattack back in February that was not discovered until July. It remains unclear why the hack is only just being disclosed publicly.

 

This type of attack is known as MageCart and works by placing lines of malicious JavaScript code into a website. Then, when an individual enters payment information, the code diverts it to an external server operated by the hacker.

 

"On July 6, 2020, JM Bullion was alerted to suspicious activity on its website. JM Bullion immediately began an investigation, with the assistance of a third-party forensic specialist, to assess the nature and scope of the incident,” a notice sent to JM Bullion customers read. 

 

“Through an investigation, it was determined that malicious code was present on the website from February 18, 2020 to July 17, 2020, which had the ability to capture customer information entered into the website in limited scenarios while making a purchase.”

Five months

Potentially, this breach could have resulted in hugely sensitive information, including customer names, addresses and even payment information, falling into the wrong hands. The malicious code was only removed from JM Bullion website on July 17 – meaning that it was present for a staggering five months.

 

Law enforcement officials have been notified regarding the breach and anyone that purchased items from the JM Bullion website between February 18 and July 17 have been advised to monitor their bank statements to check for fraudulent activity.

 

Although there have been no reports of malicious activity stemming from the hack as of yet, JM Bullion did post sales in excess of $3 billion over the past eight years. If cyberattackers use ill-gotten credentials to conduct fraudulent activity, it could end up being a hugely costly data breach for the company and its customers.

 

This could be the most expensive data breach ever

 

[straycat19]

Stupid people deserve what they get.  Their have been credit cards that offer virtual (one use) numbers for years now. And if it is a site you might use all the time, like Amazon, then a number is issued that is only good on that site but you can change the number at any time.  I haven't input a real credit card number into a site for a very long time.  If hackers want it just ask because once I use it it will never work again.  I don't use credit cards in brick and mortar stores.  I only carry cash and a gun.  Get smart, if your credit card company doesn't offer virtual numbers switch to one that does.