The Register: Wacom says crooks probably swiped customer credit cards from its online checkout

Source URL: https://www.theregister.com/2025/01/30/wacom_data_loss/
Source: The Register
Title: Wacom says crooks probably swiped customer credit cards from its online checkout

Feedly Summary: Digital canvas slinger indicates dot-com was skimmed for over a month
Graphics tablet maker Wacom has warned customers their credit card details may well have been stolen by miscreants while they were buying stuff from its website.…


Summary: Wacom has alerted customers that their credit card information may have been compromised in a breach of its e-commerce site, likely through page skimming enabled by a software vulnerability. This incident underscores the importance of robust security measures in e-commerce and highlights ongoing risks associated with vulnerabilities in widely used software.

Detailed Description:

– **Incident Overview**: Wacom informed customers via email that their payment information could have been stolen during online transactions from late November 2024 to early January 2025.
– **Nature of the Breach**: The company suspects that attackers may have used a payment page skimmer to capture sensitive card details in real time as customers made purchases on its website.
– **Security Flaw Speculation**:
  – Wacom operates its e-commerce platform using Magento, and it is speculated that attackers exploited a severe vulnerability known as CVE-2024-34102 (rated 9.8/10 on the CVSS severity scale).
  – This vulnerability, which affected numerous online merchants, allowed hackers to infect checkout pages and siphon off credit card data.
  – The incident appears to align with similar exploits observed in the past affecting companies like Ray-Ban and Whirlpool.

– **Response Measures**:
  – Wacom stated that the security issue has been addressed and is currently under investigation. They communicated with potentially affected customers and indicated their commitment to resolve the situation.

– **Timing of Notification**: Concerns arise regarding the timing of Wacom’s notification, as it seems they delayed informing customers for over three weeks after discovering the breach.

– **Implications for E-commerce Security**:
  – This incident exemplifies the risks e-commerce platforms face from cyber attacks, especially those leveraging known software vulnerabilities.
  – It emphasizes the need for ongoing vigilance and proactive security assessments within organizations, particularly those handling payment data.

– **Customer Advice**: Wacom advises affected customers to monitor their finances closely, highlighting the potential long-term impact of such security breaches on consumer trust.

This incident serves as a reminder for security and compliance professionals to continuously evaluate their own systems for vulnerabilities, implement robust security measures, and maintain clear communication with customers regarding their data safety.