ZAGG Inc reports third party breach affecting customer's credit card information
Learn More
ZAGG Inc., a Utah-based consumer electronics accessories manufacturer is reporting a data breach affecting their customer's credit card information. The incident occurred through a compromise of a third-party application called FreshClicks, which was provided through their e-commerce platform provider, BigCommerce.
The security incident took place between October 26, 2024, and November 7, 2024, when malicious actors breached the FreshClicks app and injected malicious code designed to scrape credit card data during the checkout process on ZAGG.com.
The exposed data includes:
- Customer names
- Addresses
- Payment card data
The number of affected individuals has not been disclosed by ZAGG.
BigCommerce, an Austin-based SaaS e-commerce platform provider, claim that their systems remained secure and were not compromised during this incident. After discovering the compromise through their internal tools, BigCommerce uninstalled the FreshClicks app from their customers' stores, effectively removing any compromised APIs and malicious code.
ZAGG has notified federal law enforcement and regulators, arranged free 12-month credit monitoring services through Experian for affected individuals and provided guidance to affected customers regarding fraud alerts and credit freezes
