U.S. kids’ wear brand Hanna Andersson’s online purchase platform was hacked during the holiday season of December 2019. The attackers stole credit card details, including customer name, payment card number, CVV code and expiration date, along with customers’ billing and shipping addresses, from the checkout and payment page of the online portal.
An email sent by Hanna Andersson to its customers stated that, on December 5, 2019, law enforcement authorities informed the retail giant that credit cards used on its website were being sold on the dark web. The IT department responded quickly to this notification and assembled a cyber forensic team to investigate the breach.
The cyber forensic team’s investigation confirmed that Hanna Andersson’s “third-party eCommerce platform, Salesforce Commerce Cloud, was infected with malware that may have scraped information entered by customers into the platform during the purchase process. The earliest potential date of compromise identified by the (cyber) forensics investigators is September 16, 2019, and the malware was removed on November 11, 2019.”
However, the investigators were not able to determine the exact number of compromised records. Therefore, as a precautionary measure, Hanna Andersson decided to inform all customers who purchased goods from the online portal during the reported time period about the breach.
Hanna Andersson confirmed that it is fully cooperating with the law enforcement department and payment card companies in further investigating the incident. The retailer has taken the required steps to re-secure the third-party online purchase platform.
This attack is similar to the Magecart attack faced by Macy’s, an American department store chain, in October 2019. The retailer stated that unknown intruders planted a card-stealing malware script on its payment site and collected customer details.
According to a press release, the attackers installed a Magecart script on the checkout page of the Macy’s website and siphoned off customers’ payment card details between October 7 and October 15, 2019. “The unauthorized code was highly specific and only allowed the third-party to capture information submitted by customers on macys.com and the checkout page – if ‘place order’ button was hit after entering the credit card data, and the wallet page was accessed through My Account. Our teams successfully removed the unauthorized code on October 15, 2019,” the statement added.
Macy’s clarified that the attack only affected its webpage users and not the users who made purchases using its mobile application. Security experts opined that the attack appears to be a Magecart operation.