Payment-skimmer cyber attack on JM Bullion not disclosed for over four months


JM Bullion, the Dallas, Texas-based gold and silver online retailer was the victim of a payment-skimmer cyberattack.

On Saturday, October 31, the company sent e-mails to its online customers informing them about the cyberattack, which occurred between February 18 to July 17 this year.

JM Bullion found a malicious code on its website

The five-month cyber attack was not disclosed to customers until three and one-half months after its discovery.

JM Bullion informed its customers that, “On July 6, 2020, JM Bullion was alerted to suspicious activity on its website. JM Bullion immediately began an investigation, with the assistance of a third-party forensic specialist, to assess the nature and scope of the incident.” 

“Through an investigation, it was determined that malicious code was present on the website from February 18, 2020, to July 17, 2020, which had the ability to capture customer information entered into the website in limited scenarios while making a purchase.”

The statement claims that the cybercriminals stole customer’s personal data that included ”name, address, and payment card information (account number, card expiration date, and security code).”