JM Bullion, a leading online retailer of precious metals has revealed details of a significant data breach.
The company which sells gold, silver, copper, platinum and palladium was the victim of a cyber-attack in February of this year.
On 6 July 2020, JM Bullion were notified regarding suspicious activity on their website and with the assistance of forensic specialists immediately began investigations. It was established that a malicious code had been entered onto the website and was present during the period 18 February 2020 to 17 July 2020. The code was used to capture customer payment information. The stolen data was then sent to another server controlled by the hackers. This type of cyber-attack is known as MageCart and is very concerning given that the code was present for five months.
The personal data believed to have been stolen includes customer names, addresses and payment card details.
JM Bullion has contacted all those affected and advised that they monitor their accounts for fraudulent activity.
In a letter addressed to all those affected, the company’s CEO said:
“In response to this incident, JM Bullion notified law enforcement, our card processor, and the credit card brands, and continues to work with them as needed.
We also reviewed our internal procedures and implemented additional safeguards on our website to protect customer information in our possession.”
At this time it is not known how many customers are affected, but JM Bullion’s website states that it ships more than 30,000 orders per month and has more than 500,000 customers.
If you bought goods online between 18 February and 17 July or have been contacted by JM Bullion, get in touch with our experienced team for advice.