Garmin SA sent notification emails to its customers and recommended them to review and monitor all their payment card records for any unauthorised purchases. Affected customers who received the data security incident notification are also urged to reach out to their bank or payment card providers if they see or suspect any fraud.
The compromised data was limited to only Garmin’s South Africa site, and contained payment information, including the number, expiration date and CVV code for users payment card, along with first and last name, physical address, phone number and email address.
While the cause of the breach is not mentioned in the notification email to the impacted Garmin SA customers, there are signs that the shop.garmin.co.za portal was the victim of a Magecart group, according to BleepingComputer. Seeing that the portal runs on a Magento CMS there is a high probability that the Garmin SA customers data was harvested with the help of a payment card skimmer embedded on the sites payment page.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now