Pierluigi Paganini January 21, 2020

The US-based children’s clothing maker Hanna Andersson has disclosed a data breach that affected its customers.

The US-based children’s clothing maker and online retailer Hanna Andersson discloses a data breach, attackers planted an e-skimmer on its e-commerce platform.

Like other Magecart attacks, crooks compromised the online store and injected a JavaScript code into checkout pages to steal payment data while users were making purchases.

Hacker groups under the Magecart umbrella continue to steal payment card data with so-called software skimmers. Security firms have monitored the activities of a dozen groups at least since 2010. 

According to a joint report published by RiskIQ and FlashPoint in 2019, some groups are more advanced than others, in particular, the gang tracked as Group 4 appears to be very sophisticated.

The list of victims of the groups is long and includes several major platforms such as British Airways, Newegg, Ticketmaster, MyPillow and Amerisleep, and Feedify. 

Millions of Magecart instances were detected over time, security experts discovered tens of software skimming scripts.

In a report recently published by RiskIQ, experts estimate that the group has impacted millions of users. At the time, RiskIQ reported a total of 2,086,529 instances of Magecart detections, most of them were supply-chain attacks.

Hanna Andersson started informing its customers via email, the company was informed by law enforcement on December 5 that data related to credit cards used by its customers on its websites were available for sale on the dark web.

The company immediately launched an investigation that revealed that a third-party ecommerce platform, Salesforce Commerce Cloud, was infected with an e-skimmer. Forensics experts hired by the company discovered that the malicious code was likely planted on September 16, 2019. The malware was completely removed on November 11, 2019.

While Hanna Andersson’s investigation into the security incident revealed that no all of the customers who paid using their payment cards through the Salesforce Commerce Cloud (previously known as Demandware), it was not able to pinpoint the ones who were.

“The incident potentially involved information submitted during the final purchase process on our website, www.hannaandersson.com, including name, shipping address, billing address, payment card number, CVV code, and expiration date,” reads a notice issued by the company.

“We have taken steps to re-secure the online purchasing platform on our website and to further harden it against compromise. In addition, we have retained forensic experts to investigate the incident and are cooperating with law enforcement and the payment card brands in their investigation of and response to the incident.”

The company sanitized its e-commerce platform and declared to have implemented additional measures to protect the website.

The retailer is offering MyIDCare identity theft protection services through ID  Experts, it includes 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed id theft recovery services.

Pierluigi Paganini

(SecurityAffairs – Hanna Andersson, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]