HQ/EMEAFind out how we can help your business
ZAGG Inc. has released an advisory that warns its customers of a recent cybersecurity incident that may compromise their credit card information.
The advisory explained that the hackers hijacked the company’s third-party application for e-commerce purposes offered by BigCommerce. The affected entity is a consumer electronics accessory manufacturer known for its mobile accessories.
Some of its products include screen protectors, phone covers, keyboards, and power banks. The hackers may have profited from the new operation, as this Utah-based company has annual sales of $600 million.
ZAGG reveals that the hackers breached BigCommerce.
In its notification letters, ZAGG disclosed that malicious actors had breached BigCommerce’s FreshClicks app and injected malicious code that took shoppers’ credit card information.
In addition, they explained that the hackers introduced the malicious code on the app between October 26, 2024, and November 7, 2024. The operation’s primary objective is to scrap credit card data input during the checkout process for specific ZAGG.com customers’ transactions.
BigCommerce is an Austin-based software-as-a-service (SaaS) e-commerce platform provider that services various businesses. The company caters to tiny enterprises and considerable corporations in multiple industries and geographies.
On the other hand, FreshClick is a third-party program that makes application development and responsive websites for the BigCommerce platform easier. Its developers also created it to improve the functionality of electronic stores and the customer experience.
Although FreshClick was not built directly by BigCommerce, it is available through its app marketplace. This store is a curated platform where merchants can locate and install add-ons for their stores.
Furthermore, BigCommerce clarified that its systems had not been accessed or compromised. Using internal technologies, BigCommerce discovered that the FreshClicks App had been compromised and removed from its customers’ stores.
As of now, the alleged data obtained by the hackers include names, addresses, and payment card information from zagg.com customers.
In response to this issue, ZAGG deployed remediation steps, notified federal law enforcement and regulators, and arranged for affected consumers to receive a free 1-year credit monitoring service.
ZAGG has not yet announced how many consumers were affected by the data breach.
