DiscountMugs.com, the Top 50 distributor based in Medley, Fla., said a data breach may have exposed customer credit card numbers and other sensitive information. In a letter to customers, the company said it discovered the breach on Nov. 16, and that orders placed between Aug. 5 and Nov. 16 may have been affected.
“We recently discovered that an unauthorized change was made to our DiscountMugs.com website,” Sai Koppaka, DiscountMugs.com CEO, told us via email. “We immediately initiated an investigation and learned that unauthorized code was inserted into our shopping cart page. We quickly removed the unauthorized code, retained forensic experts to help investigate the issue and reported the matter to law enforcement. We have and will continue to take steps to improve our security posture based on the findings of the investigation. We have also notified the individuals who were potentially impacted by this issue and are providing identity theft protection to them at no charge.”
The company said exposed information may have included customer names, addresses, phone numbers, email addresses, credit card or debit card numbers used to place orders, card expiration dates, and card security codes. PIN numbers were not affected, as DiscountMugs.com does not collect that information. The distributor did not say how many customers were affected by the breach, but TechCrunch, which first reported the news last week, said the number could be in the thousands.
TechCrunch also reported that the attack was likely the work of “Magecart,” a group of hackers that’s used credit card skimming codes to target “thousands of sites” over the last few years. Those sites include Ticketmaster, British Airways and other large companies.
DiscountMugs.com advised customers to immediately report suspicious credit card activity, and will provide affected customers 12 months of service from AllClearID, an identity protection firm, at no cost.
Cyber attacks have become a very real threat to promotional products businesses. Early last year, Hit Promotional Products, Hub Promotional Group, High Caliber and other suppliers dealt with a string of malware attacks. And, later in the year, supplier Colorado Timberline abruptly shutdown after a ransomware attack crippled its ability to do business.
These attacks underscore the continuing need for promotional products businesses to be vigilant in monitoring customer data security to protect customers and themselves. As we’ve seen, no company is invulnerable, but it pays to be prepared with a plan of action.
