- Wacom has started notifying customers about a security incident
- Threat actors managed to steal payment information from an undisclosed number of people
- The attack has been addressed, Wacom says
Design hardware firm Wacom has warned its customers that it may have lost their personal data, including payment information.
A report from The Register says the company believes the attack took place between November 28 2024, and January 8, 2025, and it is currently notifying affected individuals.
In the email notification letter, Wacom notes, “The issue that contributed to the incident has been addressed and is effectively being investigated. However, we are now writing only to customers who might have been potentially affected by this.”
A credit card skimmer?
Those that don’t get an official Wacom communication should consider themselves safe for now. Those that get the email should definitely start monitoring their credit card statements, and possibly even consider placing a fraud alert on their credit cards.
Wacom did not detail the attack at this point. Therefore, we don’t know who the attackers are, how they managed to infiltrate the company’s web shop, or how many people are affected.
While still in the domain of speculation, The Register believes a credit card skimmer code might have been involved, especially since Wacom’s web shop is powered by Magento.
Magento is a wildly popular open-source ecommerce platform, and as such is a frequent target. For example, in late July 2024, researchers reported on a creative technique involving so-called swap files being used to deploy persistent credit card skimmers on Magento sites. Earlier still, in April, cybersecurity researchers found a critical vulnerability in Magento allowing threat actors to deploy persistent backdoors onto vulnerable servers.
If you’re interested in learning more, make sure to read our definitive Magento hosting guide.
Via The Register
You might also like
https://cdn.mos.cms.futurecdn.net/uTLwBhC26YCauAq8Swffd8-1200-80.jpg
Source link
