JM Bullion, an online retailer of gold and silver products, has recently disclosed a security incident exposing shoppers’ personal and financial information.
According to a notice sent to impacted users, JM Bullion’s website was hijacked on February 18, 2020. Bad actors managed to inject malicious code into the retailers’ e-commerce page, stealing customers’ names, physical addresses and payment card information, such as account numbers, card expiration dates and security codes.
The incident was discovered nearly five months later, with the assistance of a third-party cybersecurity expert.
“On July 6, 2020, JM Bullion was alerted of suspicious activity on its website,” the notice reads. “JM Bullion immediately began an investigation, with the assistance of a third-party forensic specialist, to assess the nature and scope of the incident. Through an investigation, it was determined that malicious code was present on the website from February 18, 2020 to July 17, 2020, which had the ability to capture customer information entered into the website in limited scenarios while making a purchase.”
The Texas-based company gave no further details on how the attack took place or the number of people affected. However, JM Bullion said that only “a small portion of the transactions processed” on their website was impacted.
The retailer also said it notified law enforcement, credit card brands and card processors, and implemented additional security measures to protect against further attacks.
Customers who made purchases during the timeframe are advised to closely monitor their credit card statements and report any suspicious activity to their financial institution.
Although the incident did not affect user accounts, it is highly recommended to review login information and reset the password for your JM Bullion online account.