Online bullion dealer JM Bullion, who trades precious metals including gold, silver, copper, platinum, and palladium, has reported a hacking incident, which compromised and leaked the PII and credit card details of its customers. JM Bullion and its subsidiary, Provident Metals, both sent a “Notice of Data Security Incident” to all its affected customers, which stated that the timeline of the attack began on February 18, 2020; however, the malicious activity was discovered in July 2020.
Key Highlights
- Malicious scripts were added on the JM Bullion’s website on February 18, 2020 and remained active until July 17, 2020. Thus, the customers who made transactions during this timeframe only were affected.
- The attackers were able to exfiltrate the personal data and credit card details of JM Bullion’s customers used during the checkout process.
- Such an attack used to compromise and exfiltrate data from sections of a website is popularly known as Magecart attack.
- In Magecart attacks, cybercriminals often insert malicious JavaScript in the checkout and/or payment page of the website. They steal the PII and credit card details of the website users, which is then sent to a remote C2 server under their control, as was the case here.
JM Bullion’s Hacking Incident
According to the notice (as seen in the image below), the IT department of JM Bullion first became suspicious on July 6, when they observed some malicious activity on the website.
It further stated that,
“JM Bullion immediately began an investigation, with the assistance of a third-party forensic specialist, to assess the nature and scope of the incident. Through an investigation, it was determined that malicious code was present on the website from February 18, 2020 to July 17, 2020, which had the ability to capture customer information entered into the website in limited scenarios while making a purchase.”
JM Bullion has notified the required law enforcement departments and reviewed their internal procedures and safeguards to help protect against such incidents in the future. Additionally, the company suggested the following protection measures against identity theft and fraud:
- Watchfully review your account statements and monitor your credit reports for suspicious activity.
- Place a “security freeze” on credit reports which prevents potential creditors from accessing your credit file.
- As an alternative to a security freeze, place an initial or extended “fraud alert” on your file at no cost.
- Contact the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General for your protection.
Related News:
Under Attack! 2000 Magento Stores Hacked in a Magecart Campaign
