They are the latest company to fail to secure customer data

According to a recent disclosure made by the company, both the retail giant's main website and the website of their subsidiary, Icing, were compromised.

They were hit by what appears to be a Magecart attack.

The company's disclosure reads as follows

"On Friday, we identified an issue related to our e-commerce platform and took immediate action to investigate and address it. Our investigation identified the unauthorized insertion of code to our e-commerce platform designed to obtain payment card data entered by customers during the checkout process. We removed that code and have taken additional measures to reinforce the security of our platform.

We are working diligently to determine the transactions that were involved so that we can notify those individuals. Cards used in our retail stores were not affected by this issue. We have also notified the payment card networks and law enforcement. It is always advisable for cardholders to monitor their account statements for unauthorized charges.

The payment card network rules generally provide that cardholders are not responsible for unauthorized charges that are timely reported. We regret that this occurred and apologize to our customers for any inconvenience caused"

The attack apparently came just one day after the retailer closed down all of their brick and mortar shops worldwide as a result of the COVID-19 pandemic. Based on the investigation to this point, the hackers were actively trying to steal customer credit card data between April 30th and June 13th, 2020.

Our perspective

If you or any member of your family has made a purchase on either Claire's website or their subsidiary site Icing, be aware that your payment card information may have been compromised. Be sure to alert your credit card issuing company right away, and be on the alert for any suspicious charges that may appear on the card or cards used to make those purchases.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I build people / process / technology solutions to create better business outcomes for smaller enterprises in Los Angeles. I have created cost-effective personal service automation solutions, for over 20 years, specializing in reliability, cybersecurity, and regulatory compliance. I am also a published author and speaker, working extensively with business and professional associations to provide small business technology education programs.

Contact me if you would like me to speak at your association