[BreachExchange] DiscountMugs.com says four months of customer credit cards stolen by hackers

[Destry Winant]

https://techcrunch.com/2019/01/04/discountmugs-customer-credit-card-data-breach/

DiscountMugs.com, a large online custom mug and apparel store, had a
four-month-long data breach just before the busy Christmas holiday
season.

The company said in a letter to state attorneys general that hackers
siphoned off credit card numbers from customers who made orders
through its site between August 5 and November 16, 2018 using code
injected on the company’s payments page.

The malicious card skimming code was removed from the site after it
was discovered.

According to the letter, the hackers stole credit card numbers, the
security code and expiration date, as well as names, addresses, phone
numbers, email addresses and ZIP codes — everything that someone might
need to make fraudulent payments.

But the company didn’t say how many people were affected by the
breach. It’s believed to be thousands of customers who made purchases
through the site during the four-month period.

TechCrunch reached out to Sai Koppaka, chief executive of parent
company Bel USA, who did not respond to a request for comment, nor did
the company’s spokesperson. Emails sent to Comvest, a private equity
firm and an investor in Bel USA, also went unreturned.

DiscountMugs.com might not be a household name, but it ranks in the
top 10,000 sites in the U.S., according to Alexa, bringing in
thousands of customers every day.

The company becomes the latest in a line of websites affected by
credit card skimming code. The so-called Magecart group of hackers
have targeted thousands of sites in the past few years, scraping
credit card data when a customer enters their information at the
checkout and silently sending it on to the hackers’ servers.

Other big-name companies were hit, including British Airways, Newegg
and Ticketmaster.