Two Online Gun Stores Admit Data Breaches Following Web Skimming Attacks

Amidst the rising attention that the gun sales sector has garnered, two US online gun stores report suffering web skimming attacks. The stores confirmed that the attacks allowed the attackers to steal credit card details and make unauthorized transactions.

Online Gun Stores In The US Suffered Web Skimming

The two US-based online gun stores, Rainier Arms and Numrich Gun Parts Corporation fell prey to web skimming attacks.

According to the data breach notification from Rainier Arms, their store suffered a cyberattack last year. In December 2021, they received reports about unauthorized transactions from their buyers’ payment cards. Investigating the matter alongside the forensic review of their store’s website revealed the existence of web skimmers on their site.

Consequently, the attack resulted in the loss of customers’ payment information to the attackers between June 1, 2021, and January 19, 2022

Following this discovery, the store remediated the issue and employed preventive measures to prevent further attacks, like updating user passwords.

Similarly, the other store, Numrich Gun Parts Corporation, reported the data breach to the relevant law enforcement agencies.

According to the data breach notification available with the Office of the Maine Attorney General, they noticed suspicious activities on their site in March 2022. Investigating the matter confirmed the unauthorized access to their site, possibly between January 23, 2022, and April 5, 2022.

Further inspections confirmed that the attackers accessed the customers’ financial data. As stated,

Our records indicate you made a purchase on our website during the above time period. Therefore, the following information related to you may have been impacted: name, address, and payment card information, including card number, security code, and expiration date.

This incident affected over 45,000 individuals, including 300+ from Maine.

The firm encourages users to monitor their bank statements for unauthorized transactions vigilantly to prevent further damages.

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil