JM Bullion - This could be the most expensive data breach ever!

Discussion in 'General Precious Metals Discussion' started by ozcopper, Nov 4, 2020.

  1. ozcopper

    ozcopper Well-Known Member Silver Stacker

    Joined:
    Jul 17, 2009
    Messages:
    17,309
    Likes Received:
    3,502
    Trophy Points:
    113
    Location:
    Australia
    An online retailer of precious metals has revealed that it has been the victim of a significant data breach.

    JM Bullion, which sells gold, silver, copper, platinum and palladium, became the victim of a cyberattack back in February that was not discovered until July. It remains unclear why the hack is only just being disclosed publicly.

    This type of attack is known as MageCart and works by placing lines of malicious JavaScript code into a website. Then, when an individual enters payment information, the code diverts it to an external server operated by the hacker.

    "On July 6, 2020, JM Bullion was alerted to suspicious activity on its website. JM Bullion immediately began an investigation, with the assistance of a third-party forensic specialist, to assess the nature and scope of the incident,” a notice sent to JM Bullion customers read.

    “Through an investigation, it was determined that malicious code was present on the website from February 18, 2020 to July 17, 2020, which had the ability to capture customer information entered into the website in limited scenarios while making a purchase.”

    Five months
    Potentially, this breach could have resulted in hugely sensitive information, including customer names, addresses and even payment information, falling into the wrong hands. The malicious code was only removed from JM Bullion website on July 17 – meaning that it was present for a staggering five months.

    Law enforcement officials have been notified regarding the breach and anyone that purchased items from the JM Bullion website between February 18 and July 17 have been advised to monitor their bank statements to check for fraudulent activity.

    Although there have been no reports of malicious activity stemming from the hack as of yet, JM Bullion did post sales in excess of $3 billion over the past eight years. If cyberattackers use ill-gotten credentials to conduct fraudulent activity, it could end up being a hugely costly data breach for the company and its customers.

    Source: https://www.techradar.com/news/this-could-be-the-most-expensive-data-breach-ever
     

Share This Page