Zagg is warning customers that their data may have been stolen in a third-party cyber attack
- An attack on FreshClick has exposed customer payment details and more
- The extension is used by Zagg’s e-commerce provider BigCommerce
- Affected customers will receive free credit monitoring for a year
Zagg has notified affected customers of a data breach that compromised highly sensitive information, including payment card information.
By letter dated December 26, 2024 (via the Office of the Attorney General of Maine), the company confirmed a twelve-day attack between October 26 and November 7, which it became aware of a day later on November 8.
The issue stems from an attack on FreshClick, a third-party application used by Zagg’s e-commerce software platform provider BigCommerce.
Zagg confirms cyber attack
“We have learned that an unknown actor injected malicious code into the FreshClick app designed to collect credit card information entered as part of the checkout process for certain ZAGG.com customer transactions between October 26, 2024 and November 7, 2024,” it said. the company. confirmed.
Names, shipping and billing addresses, and payment card information may be compromised.
In recognition of the severity of the attack, Zagg is offering affected customers access to credit monitoring through Experian for 12 months. It also urges customers to monitor their financial accounts, post fraud alerts and consider credit freezes to prevent identity theft.
BigCommerce said (via Beeping computer): “In the best interests of our customers and their customers, we immediately removed the app from their stores, removing all compromised APIs and malicious code.”
Basic internet hygiene principles, such as being cautious about sharing certain information and following potentially malicious links, go a long way in protecting consumers from potential attacks. However, when an attack hits a third-party service like this, there is very little consumers can do. the widespread risks of online activities.
Zagg apologizes for any inconvenience and has set up a dedicated telephone line for concerned customers to request further answers and advice.