Data Breaches Sour Holiday Shopping: Check Your Credit Card Statements

using credit card onlineAs thousands of consumers are discovering this month, the 2019 holiday season resulted in data breaches with several popular retailers that process purchases through Salesforce Commerce Cloud or Magneto Marketplace -- both leading ecommerce platforms.

These “e-skimming” breaches appear to be the work of Magecart, a hacking group that steals payment card data through online shopping cart systems during the transaction.

The Magecart malware taps into online shopping carts to capture the consumer’s payment information while they complete their purchase. This information is then sold on the dark web, often including security details, such as the card verification value (CVV) number on the back of your credit card.

Magecart has been active since 2016, and has become increasingly prolific. When retailers use online shopping carts, but fail to properly vet code provided by popular third-party vendors, it creates a transaction situation that is vulnerable to wide-scale hacking.

Compromised retailers have been announcing these e-skimming data breaches and sending notification letters to potentially affected consumers. Retailers who have recently announced a data breach include:

  • Hanna Andersson – Portland-based retailer of Swedish-inspired children’s clothing
  • Evo.com – retailer of outdoor gear and fashion apparel
  • Sweaty Betty – British retailer specializing in women’s activewear
  • Macy’s – luxury department store chain

On January 15, Hanna Andersson notified customers of a nearly two-month data breach involving online transactions from September 19 through November 11, 2019. An unauthorized party had access to card payment information that certain customers entered as they were checking out at the vendor’s website. It is unclear how many customers were affected by the incident.

Online consumers are advised to review their credit card statements regularly for suspicious activity. If you have unauthorized credit card charges that you think are a result of a recent e-skimming data breach, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options.