A Claire’s data breach has some affected consumers looking for next steps. The popular jewelry and accessories retailer Claire’s, and its sister-company Icing, suffered a data breach of customers’ payment card details in an event that is believed to be the work of a Magecart attack. Magecart attacks are typically initiated by hackers using malware to insert harmful code into the company’s website. Once the hackers’ own code is in place within the website’s existing code, it can then be used to glean information that is entered during the checkout process without any change to the transaction process.
In the Claire’s data breach, the Magecart attack began skimming payment card information from the retailer’s website around April 20 but may have been inserted as early as March 20, the day after Claire’s physical locations were closed due to COVID-19. With the increase in online traffic from store closings and the reduced workforce available to oversee any possible threats, hackers were able to steal transaction details. The company is still investigating but has already said that no in-store transactions leading up to these dates were compromised.
Claire’s was informed of the breach by security researchers at Sansec; the company immediately shut down its site and removed the malicious code, as well as implemented additional measures to reinforce the security of their platform. Anyone who may have made an online transaction between April 25 and June 13 should consider proactive steps, such as contacting their financial institutions to cancel their payment cards and request new ones. They should also change their usernames and passwords on their Claire’s or Icing online account, as well as any other accounts that may use those same login credentials. Finally, consumers who may have been affected by the Claire’s data breach should know that copies of credit reports from each of the three major credit reporting agencies are free every week until April 2021; a credit report can help consumers monitor their information for suspicious activity in order to report it.
Victims of the Claire’s data breach or any other data compromise event can also live-chat with an Identity Theft Resource Center expert advisor or contact one by calling toll-free at 888.400.5530. Advisors will help victims create an action plan that is tailored to their needs. They can also download the free ID Theft Help App for iOS and Android for access to a case log, resources, advisors and much more.
You might also like…