Wacom reports breach of e-commerce platform, customer data potentially breached

Japan-based Wacom, a leading manufacturer of graphics tablets widely used by professional artists and designers, has disclosed a potential data breach affecting customers who made purchases through their official online store.

The security incident occurred between November 28, 2024, and January 8, 2025, during which threat actors maintained unauthorized access to the company's e-commerce platform. Cybercriminals may have successfully exfiltrated customer payment information during the six-week compromise period.

The exposed data may include customers' credit card details, though the specific types of information compromised have not been explicitly detailed by the company.

While the company has not disclosed the total number of affected individuals or attack vector, security experts suggest the incident likely involved a payment page skimmer, particularly given that Wacom's web shop is powered by Magento, a frequently targeted e-commerce platform.

Wacom has stated that not all customers were impacted by the breach, and notifications are being sent only to those potentially affected.