Garmin is the victim of a data breach, it is warning customers in South Africa that shopped on the shop.garmin.co.za portal that their personal info and payment data were exposed.
The stolen data, included customers’ home addresses, phone numbers, emails, and credit card information that could be used to make purchases (i.e. Card number, expiration date and CVV code for your payment card
“We recently discovered
“The compromised data was limited to only Garmin’s South Africa site, and contained payment information, including the number, expiration date and CVV code for your payment card, along with your first and last name, physical address, phone number and email address.”
Garmin SA recommends customers to review and monitor all their payment card records for any purchases, it seems that the company is not offering to the impacted customers any fraud protection service.
Impacted customers have to contact their bank or payment card provider.
The breached shopping portal was using the popular Magento
The Register contacted Garmin South Africa to receive more info on the incident, the company confirmed that the
Garmin explained that the e-commerce site “was operated by a third party on behalf of Garmin South Africa.”
“Promptly after learning of this incident, we immediately shut down the impacted system, began an investigation, and contacted the South African Information Regulator.” Garmin told to ElReg.
“While Garmin does not store credit card information, the unauthorized party leveraged virtual skimming technology to capture customer details at the time of input, including credit card information.” It added that the incident was isolated to a few thousand customers who accessed the SA portal: “This incident affected less than 6,700 customers in South Africa and does not affect customers who purchased from other Garmin websites in other regions.”
When dealing with such kind of attacks, most of them were carried out by an umbrella of hacking crews that are tracked as Magecart, but at the time their involvement was not demonstrated by any security firm.
(SecurityAffairs – data breach, hacking)