Formjacking Tactics Used in FabFitFun Data Breach

Date: 06/04/2020

Some FabFitFun members are trying to figure out what steps to take following a FabFitFun data breach. FabFitFun, a company that allows consumers to become members and have customized boxes of products mailed to them, suffered a data breach as the result of formjacking, in which a thief inserts code that gathers credit card information and, in some cases, more personal information in the background while the transaction processes as normal.

According to the Office of the Vermont Attorney General, the FabFitFun technical team discovered illegally placed malicious code on the company’s website. The breach notification letter states the malicious code was placed on the “Shop” portion of the website on May 2 and taken down on May 6. FabFitFun says the data breach did not impact the “Add-Ons” and “Box Purchases” portions of the website.

Members who completed purchases between May 2 and May 6 may have had personal information exposed during the FabFitFun data breach, including names, addresses, cities, states, zip codes, phone numbers, email addresses, credit card numbers, CVV codes and card expiration dates. If members were in the process of checking out but did not complete a purchase between May 2 and May 6, they could have had their names, addresses, cities, states, zip codes, phone numbers and email addresses exposed. Fortunately, those members are not believed to have had any credit card information leaked.

After learning of the malicious code, FabFitFun took down the code and offered affected members an annual membership. Anyone whose information was exposed in the FabFitFun data breach should contact their credit card or debit card provider and follow their recommendations. Members should monitor their credit card or debit card statements for any suspicious activity and report anything suspicious to the bank listed on the card. For fraudulent charges, members should file an ID Theft Report with the Federal Trade Commission and obtain a copy for their records in case it needs to be used with a creditor to clear fraudulent charges.

Members affected by the FabFitFun data breach can also live-chat with an Identity Theft Resource Center expert advisor, or call toll-free at 888.400.5530. They can also download the free ID Theft Help App, where they can create a customized log to track all their steps in resolving their data breach case, access ITRC advisors for a personalized action plan, resources and much more.

