Malicious actors have a number of different approaches when trying to breach a company’s website or security defenses. In a recently announced data breach, the socially-conscious sock donation company Bombas alerted its customers to a formjacking attack which appears to have compromised customers’ names, addresses and payment card information. This is the second Bombas data breach reported, following a separate incident of the same nature that the company discovered in November 2014.

Bombas operates under the model of “buy one, give one.” For every pair of the company’s socks that are purchased, Bombas donates another pair to homeless shelters. This model has made the company popular with consumers who enjoy not only the company’s quality, but also their give-back business model.

formjacking attack occurs when hackers intentionally insert malicious JavaScript into a website. Once the new section of code is in place and operating, the hackers are given the information that a customer types into the website’s form. When customers entered their buyer information to complete a transaction on Bombas’ website, the hackers also received that information unbeknownst to the customer, while the transactions were completed normally.

Fortunately, scheduled updates to the Bombas website on February 16, 2017, rendered the formjacking code useless. However, the company’s investigation shows it may have been inserted as early as November 11, 2016. As such, Bombas is offering free credit monitoring to its customers. Anyone who may have made purchases between those identified dates is also encouraged to take further steps to reduce their risk of falling victim to identity theft due to the Bombas data breach.

Customers who made purchases between November 11, 2016, and February 16, 2017, should consider freezing their credit reports with the three credit reporting agencies, TransUnion, Experian and Equifax. They may also opt to view a free credit report from each of those agencies through AnnualCreditReport.com to look for any unusual activity. All consumers, especially those who may have been impacted by any type of data breach or data leak, should routinely monitor their financial statements and report any suspicious findings to the Federal Trade Commission.

Victims of the Bombas data breach can live-chat with an Identity Theft Resource Center expert advisor via the agency’s website or by calling toll-free at 888.400.5530. Advisors can help victims create an action plan that is tailored to their specific situation. Victims can also download the free ID Theft Help App for iOS and Android to access a case log tool for tracking their steps, free resources, advisors and much more.


Read more…

Watch out for 2020 Summer Scams

Credit Reporting Agencies Announce Free Credit Reports Every Week Through 2021

Dark Web Data Breach Leads to Thieves Stealing from Thieves