- Avery discovers a credit card skimmer installed on its website
- Tens of thousands of people have had their confidential data stolen.
- It is now offering free credit monitoring services to affected individuals.
Hackers have been found stealing payments and personally identifiable information (PII) from printing giant Avery’s customers for more than half a year, experts have claimed.
Tens of thousands of people may have been affected by the incident that affected Avery Products Corporation, a major manufacturer of printable labels, name tags, dividers and other customizable office supplies.
In a data breach notification letter sent to affected customers, Avery said it became aware of a “ransomware attack” on December 9, 2024.
Abused files in the wild
“Our investigation determined that an unauthorized actor inserted malicious software that was used to “extract” credit card information used on our website between July 18, 2024 and December 9, 2024,” reads the letter.
The company added that the scraper likely exfiltrated people’s full names, billing and shipping addresses, email addresses and phone numbers, payment card information (including CVV numbers and expiration dates), and purchase amounts.
Social Security numbers (SSNs), driver’s license numbers and other government-issued identification numbers, dates of birth and other sensitive personal information were not taken, Avery said.
At first, the company did not see any evidence of abuse of the stolen information, but now warns that this could have been the case.
“Initially, we had no evidence that the information was acquired (e.g., downloaded or exfiltrated from the website),” he added, “nor did we have any indication that the information had been used in any way, such as to make fraudulent purchases.” We don’t know if the fraudulent charges are related to the incident on our website, but it now appears possible that payment card (and other) information may have been acquired as we received two emails from customers indicating they incurred a charge. fraudulent and/or phishing email. We received several similar reports this month.”
In a separate report filed with the Maine Attorney General’s Office, Avery said 61,193 people were affected by this attack. To mitigate risks, the company offers 12 months of free credit monitoring and identity theft protection services through Cyberscout.
Through beepcomputer
