HQ/EMEAFind out how we can help your business
Avery Products Corporation has rolled out an advisory about a hack on its website that led to a data breach. The hack has also resulted in the hackers obtaining customers’ credit cards and personal information.
The affected entity is an American corporation that manufactures and sells self-adhesive labels, apparel branding elements, and print services. In a notification letter delivered to affected customers, the firm explained that they had discovered the unauthorised activity in December last year.
The Avery website got infected by a credit card skimmer.
According to investigations, the threat actors who compromised the Avery website, an online shop domain, installed an alleged credit card skimmer. As a result, threat actors acquired access to the sensitive payment information that customers entered on Avery’s website between July and December last year.
The confirmed information compromised during the attack includes first and last names, billing and shipping addresses, email addresses, telephone numbers, credit card numbers, CVV codes, expiration dates, and purchase amounts.
On the other hand, other sensitive information, such as Social Security numbers, driver’s license numbers, government-issued ID numbers, and dates of birth, are not among the information exposed.
Still, the affected data is sufficient for threat actors to conduct other malicious activities in the victims’ identities and charge their accounts with illicit purchases. The company has already recorded a couple of reports regarding fraudulent activities as they received emails from customers indicating that they received a fraudulent charge and/or phishing email.
The company also stated that it received similar reports this month and disseminated notification letters to warn other potentially affected customers. This data breach incident has reportedly impacted nearly 62,000 customers.
Avery provides a free one-year credit monitoring service through a third-party provider. The notification recipients are also warned to be wary of unsolicited messages and to immediately report any suspicious activity on their accounts to their bank and authorities.
Customers should always check their transactions and recent activities for their accounts, as attackers will try to capitalise on their foothold on infected cards.
