Security was far from bulletproof


US ammunition retailer Graf & Sons (Grafs) has admitted suffering a data breach that exposed customers’ credit card details.

In a notice to customers, Grafs said that hackers had placed malicious code on the systems of its hosting provider. As a result, the code was served through Grafs’ website. This malware captured customer credit card information from the e-commerce portion of grafs.com.

The attack was detected late last month after Missouri-based Grafs started an investigation when it noticed problems with its site.

It’s still unclear whether or not hackers managed to exfiltrate the stolen data, but Grafs nonetheless decided it was prudent to warn customers that it had experienced a breach.

In a statement, Grafs said that it had notified the FBI and other authorities while it continues to investigate the problem and shore up its defenses.

Customer data affected by the breach included names, email addresses, mailing addresses, and payment card data, such as credit card numbers, expiration dates, and CVV numbers.

Details of the security incident became public on Wednesday after the breach notice was re-posted on the website of the Vermont Attorney General.

It’s unclear how many consumers were affected by the breach.

Grafs has yet to respond to inquiries from The Daily Swig on this point, or on whether the tactics used to hack its site were the same as those applied against Ticketmaster, BA, and others by cybercriminals using so-called Magecart techniques.

We’ll update this story as and when more information comes to hand.

