Skip to content

Avery website hacked, customer credit card data stolen

  • by
  • 2 min read

The Avery Products Corporation suffered a data breach in December 2024; it was discovered that a threat actor planted a card skimmer on the company’s main shop’s domain on July 18, 2024. The intruders likely extracted any sensitive information entered on Avery’s website between July 18 and December 9, 2024.

The card skimmer was found following an internal investigation by the company’s digital forensic experts. The extracted information includes names, billing and shipping addresses, emails, phone numbers, purchase amounts, and financial information like card numbers, CVV codes, and expiry dates. Avery assures that other sensitive information like Social Security numbers, driver’s licenses, birthdays, and other government-issued IDs are still protected.

Avery also filed a report with the Maine Attorney General portal, claiming that 61,193 customers were affected. As is customary in such cases, the company is offering 12 months of free credit monitoring services via Cyberscout. Affected customers were also warned of suspicious communications and have been asked to report suspicious activity to banks and relevant authorities.

No information on how the threat actors could access the site and plant the malicious skimmer has been revealed. However, the company’s notice claims the attack to be ransomware in nature, attacking “certain systems” in its IT environment. It also didn’t reveal any information on the identity of the intruders and whether or not it’ll be negotiating with them to limit exposure potentially. Candid.Technology couldn’t find any traces of the stolen data being sold on popular cybercrime forums at the time of writing.

Regardless, the stolen data can be used to carry out fraudulent transactions under the victims’ names and accounts. Avery has also set up a dedicated assistance line to address any questions or concerns affected customers may have about the breach.

In the News: Phishers use malicious Google Ads to target advertisers globally

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>