Hackers steal ZAGG customers' credit cards in third-party breach
ZAGG, a consumer electronics and iPhone accessory maker, has recently notified its customers of a credit card information breach. The breach occurred between October 26 and November 7, 2024, due to a hack of a third-party payment processor, specifically the FreshClicks app provided by BigCommerce.
Here are the key details of the breach:
- Scope of Breach: The attacker injected malicious code into the FreshClicks app, designed to scrape credit card data entered as part of the ZAGG checkout process. This resulted in the theft of names, addresses, and payment card data belonging to shoppers at zagg.com.
- Third-Party Involvement: The breach involved a third-party application, FreshClicks, which is part of the BigCommerce e-commerce platform. Although BigCommerce emphasized that its own systems were not breached or compromised, it did disable and uninstall the FreshClicks app from its clients' stores to remove any compromised APIs and malicious code.
- Remediation Measures: ZAGG has implemented remediation measures, including notifying federal law enforcement and regulators. Affected customers are being offered a free-of-charge, 12-month credit monitoring service through Experian. Customers are also advised to monitor their financial account activity closely, place fraud alerts, and consider placing a credit freeze.
This incident highlights the importance of robust security measures in third-party applications and the need for swift action in addressing data breaches to protect customer information.