Technology

Zagg warns customers their data may have been stolen in third-party cyberattack

December 30, 2024

An attack on FreshClick has exposed customer payment details and more
The extension is used by Zagg’s ecommerce provider, BigCommerce
Affected customers are getting free credit monitoring for a year

Zagg has notified affected customers of a data breach that put highly sensitive information at risk, including payment card details.

In a letter dated December 26, 2024 (via the Office of the Maine Attorney General), the company confirmed a 12-day-long attack between October 26 and November 7, which it became aware of one day later on November 8.

The problem stems from an attack on FreshClick, a third-party application used by Zagg’s ecommerce software platform provider BigCommerce.

Zagg confirms cyberattack

“We learned that an unknown actor injected into the FreshClick app malicious code that was designed to scrape credit card data entered as part of the checkout process for certain ZAGG.com customer transactions between October 26, 2024 and November 7, 2024,” the company confirmed.

Names, shipping and billing addresses, and payment card information could be at risk as a result.

In recognition of the severity of the attack, Zagg is giving affected customers 12 months’ access to credit monitoring through Experian. It’s also urging customers to monitor their financial accounts, place fraud alerts and consider credit freezes to prevent identity theft.

BigCommerce said (via Bleeping Computer): “Acting in the best interest of our customers and their shoppers, we immediately uninstalled the app in their stores, which removed any compromised APIs and malicious code.”

Basic internet hygiene principles like being cautious about sharing certain information and following potentially malicious links go a long way to protecting consumers against potential attacks, however when an attack affects a third-party service such as this, there’s very little that consumers can do, highlighting the widespread risks of online activity.

Apologizing for the inconvenience, Zagg has established a dedicated phone line for concerned customers to seek further answers and advice.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar