Payment-skimmer cyber attack on JM Bullion not disclosed for over four months


Very little is known about which specific customers had their information impacted. According to its website, JM Bullion ships more than 30,000 orders per month. It has been reported that the company posted sales of more than $3 billion over an eight-year period.

What is a payment-skimmer attack? 

The company website claims it uses 256-bit SSL encryption, certified by DigiCert/Norton. It also assures customers that “We never have access to your credit/debit card information, as it is processed securely by CyberSource, the parent company of, following the most stringent PCI-compliant standards.”

Despite the firm’s security, the attacker breached its encryption and other protections to capture private information.

This cyberattack is known as a Magecart or payment-skimmer attack, which is a form of Man-in-the-Middle hack. Magecart is most effective on websites built on the Magento e-commerce platform. It works by inserting lines of malicious JavaScript code into a website; the injected code diverts payment information to a hacker’s external server.
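
Because the skimmer described above depends on script running in the checkout page and sending data to an outside server, a site owner can audit which hosts serve script to that page and restrict them with a Content-Security-Policy. The following is an added example, not code from JM Bullion or from the original article; the hostnames, the sample HTML and the function names are all constructed for illustration.

```javascript
// Added illustration: audit a checkout page's script origins against an allowlist.
// All hostnames and the sample HTML below are constructed for this example.
const PAGE_ORIGIN = "https://shop.example";
const ALLOWED_HOSTS = new Set(["shop.example", "payments.example"]);

const SAMPLE_CHECKOUT_HTML = `
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://payments.example/sdk/v2.js"></script>
<script src="https://cdn-analytics.invalid/lib.js"></script>
<script>window.cartId = "abc";</script>
</head><body><form action="/pay" method="post"></form></body></html>`;

// Return the host of every <script src>, resolved against the page origin,
// plus a count of inline scripts (which the CSP built below would block).
function collectScripts(html, pageOrigin) {
  const hosts = [];
  let inline = 0;
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (src) hosts.push(new URL(src[1], pageOrigin).host);
    else inline += 1;
  }
  return { hosts, inline };
}

// Hosts serving script to the page that are not on the allowlist.
function unexpectedHosts(html, pageOrigin, allowed) {
  const { hosts } = collectScripts(html, pageOrigin);
  return [...new Set(hosts)].filter((h) => !allowed.has(h));
}

// Build a CSP that limits where scripts load from and where the page may send data.
function buildCsp(allowed) {
  const srcs = [...allowed].map((h) => `https://${h}`).join(" ");
  return [
    `default-src 'self'`,
    `script-src ${srcs}`,
    `connect-src ${srcs}`,
    `form-action ${srcs}`,
  ].join("; ");
}

console.log(unexpectedHosts(SAMPLE_CHECKOUT_HTML, PAGE_ORIGIN, ALLOWED_HOSTS));
console.log(buildCsp(ALLOWED_HOSTS));
```

The regular-expression scan is enough for a periodic audit of served HTML; scripts added to the page at runtime are not visible to it, which is why the policy header is the enforcing control.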