Breach at Garmin SA shopping portal leads to theft of payment data

Friday 13 September 2019 10:52 CET | News

Garmin Southern Africa (Garmin SA) has disclosed that payment and sensitive personal information were stolen from orders placed on the shopping portal.

Garmin SA sent notification emails to its customers and recommended them to review and monitor all their payment card records for any unauthorised purchases. Affected customers who received the data security incident notification are also urged to reach out to their bank or payment card providers if they see or suspect any fraud.

The compromised data was limited to only Garmin’s South Africa site, and contained payment information, including the number, expiration date and CVV code for users payment card, along with first and last name, physical address, phone number and email address.

While the cause of the breach is not mentioned in the notification email to the impacted Garmin SA customers, there are signs that the portal was the victim of a Magecart group, according to BleepingComputer. Seeing that the portal runs on a Magento CMS there is a high probability that the Garmin SA customers data was harvested with the help of a payment card skimmer embedded on the sites payment page.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Garmin Southern Africa, data breach, payment data, cybersecurity, card skimming, South Africa
Countries: World

Industry Events