Customer Credit Card Details Compromised in ZAGG Data Breach

Leading consumer electronics accessories company ZAGG Inc. has disclosed a massive data breach that compromised customer credit card information.

Third-party app flaw exploitation leads to data breach

In the security incident, threat actors exploited a vulnerability in a third-party application on the company's e-commerce platform.

According to ZAGG’s representatives, the breach was spotted on Nov. 8, when the e-commerce platform alerted the company about the compromise.

An investigation revealed that malicious actors had injected harmful code into the vulnerable app, allowing them to harvest sensitive customer data, including customer names, addresses, and payment card details, entered during transactions on ZAGG’s website.

Details of the breach

Threat actors specifically targeted transactions made between Oct. 26 and Nov.7. After learning about the incident, the e-commerce platform promptly removed the compromised app from its ecosystem.

“Through this investigation, we learned that an unknown actor injected into the FreshClick app malicious code that was designed to scrape credit card data entered as part of the checkout process for certain ZAGG.com customer transactions between October 26, 2024 and November 7, 2024,” according to ZAGG’s breach notification.

Company response and mitigation steps

In response to the breach, ZAGG took immediate steps to secure its website, initiated an extensive investigation, and notified law enforcement authorities and affected customers.

The breach notification included detailed instructions for affected individuals to monitor their accounts for signs of fraud. The company also offered 12 months of complimentary credit monitoring services.

“We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity and to detect errors,” reads the company’s security advisory.

Preparing for unexpected situations

Data breaches often occur beyond the control of the individuals whose information is compromised. However, this is no reason to remain unprepared.

Specialized solutions like Bitdefender Digital Identity Protection can play a crucial role in safeguarding personal data and minimizing the impact of breaches. By continuously monitoring for leaked data online and notifying users of potential threats, this service allows users to take swift action to protect themselves.