E-skimming attack at US gun shops impact over 90,000 customers

US gun retailers Rainier Arms and Numrich Gun Parts have disclosed data breach incidents resulting from card skimmer attacks on their websites, rainierarms[.]com and gunpartscorp[.]com.

The attackers managed to view highly sensitive customer information, including credit or debit card numbers and names.

According to a data breach notice sent to the customers affected, Ranier Arms says that it first discovered unauthorized payment card activity on its website beginning in December 2021.

“We immediately began an investigation and engaged an outside firm to perform a forensic review of our website,” the letter sent to impacted customers reads.

The investigation identified malicious code that had been active on their website for over six months.

“On April 21, 2022, our investigation identified malicious code designed to capture information entered into our website, including payment card information,” the company said. “The investigation determined that an unauthorized party may have accessed payment card information entered onto our website between June 1, 2021and January 19, 2022.”

The notice shared with the Attorney General's Office of Montana reveals over 46,000 impacted shoppers.

Numrich Gun Parts Corporation suffered a similar incident impacting 45,169 customers, according to a data breach notice filed with the Office of Maine Attorney General.

“On or about March 28, 2022, Numrich became aware of suspicious activity occurring within its e-commerce website,” the gun retailer said. “The investigation determined that an unknown actor gained access to certain customer payment information entered into our website between January 23, 2022 and April 5, 2022. “

Impacted information includes name, address and payment card information, including card number, security code and expiration date.

Both companies have advised customers to remain vigilant against crimes related to identity theft and immediately report any fraud to their financial institutions and police.

Skimmer attacks can be highly profitable for cybercriminals and identity thieves who can easily compromise the financial wellbeing of victims.

We advise all users to stick to good cyber practices and adopt a proactive state of mind by analyzing the security and privacy risks of their online accounts and digital behaviors.

You can start securing your online presence with our ultimate mega-suite plan that takes care of your devices, data and money. Subscribers to our Ultimate Security plan get best-in-class malware protection for up to 10 devices, unlimited VPNtraffic, a password manager and a dedicated identity theft protectionplan (available for the US only) that offers real-time data breach monitoring and fraud monitoring, among many other perks, to protect against identity theft.

Learn more about our ultimate security and privacy mega-suite here.