NOTICE: If you made an online purchase from JM Bullion or its subsidiary Provident Metals between January 1, 2020 and July 17, 2020 and have received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777.
The unauthorized code was inserted on the www.jmbullion.com website on February 18, 2020 and remained active for five months until it was removed on July 17, 2020. JM Bullion also discovered malicious code on its subsidiary website www.providentmetals.com that compromised customer data from January 1, 2020 through July 17, 2020.
Sensitive personal information compromised in the JM Bullion data breach includes:
JM Bullion reported the incident to law enforcement, but waited to notify customers until October 28, 2020, without explanation for the three-month delay between remediating the breach and notifying affected individuals. They also failed to explain the 11-day span during which the skimmer remained active after the company became aware of suspicious activity on the website.
JM Bullion claims that 28,234 customers were affected. However, the retailer has an estimated 500,000 customers and ships more than 30,000 orders per month. The company declined to offer identify theft protection services for affected customers.
JM Bullion was founded in 2011 and is headquartered in Dallas, Texas. The online precious-metal retailer deals exclusively in physical bullion, including gold, platinum, silver, copper and palladium. The company acquired Provident Metals in August 2019. Estimated annual revenues are $780 million.
The data breach lawyers at the Arnold Law Firm will continue to monitor the incident and provide updated information as our investigation continues.
If you made an online purchase from JM Bullion or its subsidiary Provident Metals between January 1, 2020 and July 17, 2020 and have received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 for a free case evaluation.