FOLLOW US

JM Bullion, the Dallas, Texas-based gold and silver online retailer was the victim of a payment-skimmer cyberattack.

On Saturday, October 31, the company sent e-mails to its online customers informing them about the cyberattack, which occurred between February 18 to July 17 this year.

JM Bullion found a malicious code on its website

The five-month cyber attack was not disclosed to customers until three and one-half months after its discovery.

JM Bullion informed its customers that, "On July 6, 2020, JM Bullion was alerted to suspicious activity on its website. JM Bullion immediately began an investigation, with the assistance of a third-party forensic specialist, to assess the nature and scope of the incident.” 

“Through an investigation, it was determined that malicious code was present on the website from February 18, 2020, to July 17, 2020, which had the ability to capture customer information entered into the website in limited scenarios while making a purchase.”

The statement claims that the cybercriminals stole customer's personal data that included ”name, address, and payment card information (account number, card expiration date, and security code).” 

Very little is known about which specific customers had their information impacted. According to its website, it ships more than 30,000 orders per month. It has been reported that JM Bullion posted sales of more than $3 billion over an eight-year period.

What is a payment-skimmer attack? 

The company website claims it uses 256-bit SSL encryption, certified by DigiCert/Norton. They also assure that “We never have access to your credit/debit card information, as it is processed securely by CyberSource, the parent company of Authorize.net, following the most stringent PCI-compliant standards.”

Despite the firm's security, the attacker breached its encryption and other protections to scan in private information.

This cyberattack is known as a MageCart or payment-skimmer attack which is a form of a Man-in-the-Middle hack. Magecart is most effective on websites built on the Magento e-commerce platform. It works by inserting lines of malicious JavaScript code into a website that diverts payment information to a hacker’s external server.

“Magecart attacks are notoriously difficult to detect because they target the client-side of websites,” PerimeterX security evangelist, Ameet Naik commented on the attack. He also noted that taking five months to notice the skimmer is not unusual.

 “Hackers inject malicious shadow code into the website scripts which runs on the users’ browsers. Traditional server-side monitoring and security solutions don’t have visibility into this client-side activity and are unable to stop such digital skimming attacks that lead to the theft of personal data from website users. This not only hurts the online business but also exposes them to compliance penalties and liability.”