US gun retailers Rainier Arms and Numrich Gun Parts have revealed data breach incidents resulting from card skimmer attacks on their websites (rainierarms.com and gunpartscorp.com).
The attackers managed to gain access to highly sensitive customer information, including credit or debit card numbers and names.
According to a data breach notice sent to impacted customers, Rainier Arms said that it first discovered unauthorized payment card activity on its website beginning in December.
“We immediately began an investigation and engaged an outside firm to perform a forensic review of our website,” the company said in the letter sent to affected customers.
This investigation identified malicious code that had been active on its website for over six months.
“On April 21, 2022, our investigation identified malicious code designed to capture information entered into our website, including payment card information,” the gun retailer said. “The investigation determined that an unauthorized party may have accessed payment card information entered onto our website between June 1, 2021 and January 19, 2022.”
The notice was shared with the Attorney General’s office of Montana and disclosed over 46,000 impacted customers.
Numrich Gun Parts Corporation fell victim to a similar incident affecting 45,169 customers, according to a data breach notice filed with the Office of the Maine Attorney General.
“On or about March 28, 2022, Numrich became aware of suspicious activity occurring within its e-commerce website,” the company said. “The investigation determined that an unknown actor gained access to certain customer payment information entered into our website between January 23, 2022 and April 5, 2022.”
The stolen information included names, addresses, and payment card information.
Both companies advised customers to remain alert against crimes related to identity theft and to immediately report any fraud to their financial institutions and law enforcement.