UPDATED 21:44 EST / NOVEMBER 02 2020

SECURITY

Customer payment data stolen from precious metals trader JM Bullion

Customer payment data has been stolen from JM Bullion, a Texas-based online buyer and seller of precious metals, in a suspected Magecart attack.

According to a notice sent to customers recently, suspicious activity on its website was first detected on July 6 and involved malicious code that was later found to be present on the JM Bullion website from Feb. 18 to July 17.

The company officially describes the code as having the ability to “capture customer information entered into the website in limited scenarios while making a purchase.” It also noted that the data “potentially impacted” by the incident included names, addresses and payment card information including account number, card expiration date and security code.

The description fits Magecart to a tee. A typical Magecart attack involves malicious skimming code, usually via JavaScript attached to the submit button on the checkout form with the payment data captured with a purchase. Once users click on the submit button, the code intercepts all customer information, renders it as an image, encodes it and then sends it to the fake domain name.

Magecart, which first emerged in 2018, has targeted dozens of companies. Prominent victims include Newegg Inc., the Infowars StoreCathay Pacific Airways Ltd.Ticketmaster Entertainment Inc., Macy’s Inc.Sweaty Betty and Oxo International Ltd.

Exactly how many customers may have had their data stolen in this attack is unknown. JM Bullion claims to have processed more than $3 billion in transactions over the last eight years.

Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, told SiliconANGLE it’s likely the company could face harsh monetary penalties. “A COVID-19 defense to mitigate the amount of fine will likely be inapplicable here like in the recent British Airways or Marriott cases,” he said. “Moreover, in view of the circumstances, individual and class action lawsuits from the victims have excellent chances of success to obtain considerable monetary compensation, likely in a form of a settlement.”

Saryu Nayyar, chief executive officer of unified security and risk analytics company Gurucul Solutions Pvt Ltd. A.G., said the attack against JM Bullion is concerning for two main reasons.

“The first is the five-month dwell time the attackers had between initially compromising JM Bullion’s website and the eventual remediation,” she said. “The second is the additional three months between their remediating the breach and notifying the users who may have been affected. Neither of those statistics inspires confidence, which is even more of an issue in the Financial Services and Commodities sectors.”

In any case, Nayyar added, it appears there are some gaps in JM Bullion’s security stack. “A complete stack, including behavioral analytics, should have been able to identify the breach quickly, preventing the potential damage to their customer base,” she said.

Image: JM Bullion

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU