Call Now 888.400.5530

ITRC-logo-color-final
Search
Close this search box.

Hackers Take Advantage of COVID-19 Closures to Launch Claire’s Data Breach

Date: 06/18/2020

A Claire’s data breach has some affected consumers looking for next steps. The popular jewelry and accessories retailer Claire’s, and its sister-company Icing, suffered a data breach of customers’ payment card details in an event that is believed to be the work of a Magecart attack. Magecart attacks are typically initiated by hackers using malware to insert harmful code into the company’s website. Once the hackers’ own code is in place within the website’s existing code, it can then be used to glean information that is entered during the checkout process without any change to the transaction process.

In the Claire’s data breach, the Magecart attack began skimming payment card information from the retailer’s website around April 20 but may have been inserted as early as March 20, the day after Claire’s physical locations were closed due to COVID-19. With the increase in online traffic from store closings and the reduced workforce available to oversee any possible threats, hackers were able to steal transaction details. The company is still investigating but has already said that no in-store transactions leading up to these dates were compromised.

Claire’s was informed of the breach by security researchers at Sansec; the company immediately shut down its site and removed the malicious code, as well as implemented additional measures to reinforce the security of their platform. Anyone who may have made an online transaction between April 25 and June 13 should consider proactive steps, such as contacting their financial institutions to cancel their payment cards and request new ones. They should also change their usernames and passwords on their Claire’s or Icing online account, as well as any other accounts that may use those same login credentials. Finally, consumers who may have been affected by the Claire’s data breach should know that copies of credit reports from each of the three major credit reporting agencies are free every week until April 2021; a credit report can help consumers monitor their information for suspicious activity in order to report it.

Victims of the Claire’s data breach or any other data compromise event can also live-chat with an Identity Theft Resource Center expert advisor or contact one by calling toll-free at 888.400.5530. Advisors will help victims create an action plan that is tailored to their needs. They can also download the free ID Theft Help App for iOS and Android for access to a case log, resources, advisors and much more.

You might also like…

U.S. MARSHALS SERVICE DATA BREACH EXPOSES IDENTITIES OF 387,000 PRISONERS

BOMBAS, COLUMBIA COLLEGE OF CHICAGO AND ST. JOSEPH’S HEALTH SYSTEM DATA BREACHES AMONG LATEST WEEK OF COMPROMISES

YEARS OF FORMJACKING LEADS TO BOMBAS DATA BREACH

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the In the Loop.

notified-ad.png

Get ID Theft News

Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center

notified-ad.png
© Copyright 2024- Identity Theft Resource Center

This product was produced by the ITRC under 2018-V3-GX-K007, awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. The opinions, findings, and conclusions or recommendations expressed in product are those of the contributors and do not necessarily represent the official position or policies of the U.S. Department of Justice. View more about our copyright info here.