- Avery discovers credit card skimmer installed on its website
- Tens of thousands of people have had their sensitive data confiscated
- It now offers free credit monitoring services to those affected.
Hackers have been found stealing payments and personally identifiable information (PII) from customers of printing giant Avery for more than six months, experts have claimed.
Tens of thousands of people may have been affected by the incident affecting Avery Products Corporation, a leading manufacturer of printable labels, name tags, dividers and other customizable office supplies.
In a data breach notification letter sent to affected customers, Avery said it became aware of a “ransomware attack” on December 9, 2024.
Abused files in the wild
“Our investigation determined that an unauthorized actor inserted malware that was used to ‘capture’ credit card information used on our website between July 18, 2024 and December 9, 2024,” the letter states. .
The company added that the scraper most likely exfiltrated people’s full names, billing and shipping addresses, email addresses and phone numbers, payment card information (including CVV numbers and expiration dates) and purchase amounts.
Social Security numbers (SSN), driver’s license numbers and other government-issued identification numbers, dates of birth and other sensitive personal information were not recovered, Avery said.
At first, the company saw no evidence of misuse of the stolen information, but now warns that could have been the case.
“Initially, we had no evidence that any of the information had been acquired (e.g., downloaded or exfiltrated from the website),” he adds, “nor any indication that the information had been used in any way – for example to make fraudulent purchases We do not know if any fraudulent charges are linked to the incident on our website, but it now seems possible that payment card (and other) information may have been involved. was obtained because we received two emails from customers reporting fraudulent charges and/or phishing emails We have received a number of similar reports this month.
In a separate report filed with the Maine Attorney General’s Office, Avery said 61,193 people were affected by that attack. To mitigate risks, the company offers 12 months of free credit monitoring and identity theft protection services through Cyberscout.
Via BeepComputer
