Zagg’s customer information has been compromised via a third-party hack.
Consumer electronics and iPhone accessory maker Zagg has informed customers that credit card transactions between October 26 and November 7, 2024, may have been compromised due to a hack of a third-party payment processor.
Zagg, based in Utah, specializes in products such as keyboards, phone cases, screen protectors, power banks, and other accessories. It utilizes BigCommerce to process credit card transactions on its website, which also offers an app called FreshClicks for designing commerce-friendly websites.
It was discovered that an attacker had successfully breached the FreshClicks app, inserting malicious code that stole customers’ card details, as reported by BeepingComputer.
Letters sent to Zagg customers detailed that an “unknown actor” had inserted malicious code into the FreshClick app to extract credit card data entered during the Zagg checkout process. This incident occurred between October 26 and November 7.
The breach has been reported to regulatory bodies and federal authorities. Though the number of affected customers remains undisclosed, the attackers managed to obtain names, addresses, and payment card information of customers.
Affected customers were advised in the letter to monitor their financial account activity, including setting up fraud alerts and a credit freeze. Zagg customers whose card details may have been compromised will have their card activity monitored for 12 months by Experian at no cost.
In a statement, BigCommerce assured that its own systems were not breached or compromised. However, after identifying the issue, BigCommerce disabled and removed FreshClicks from its clients’ stores, eliminating compromised APIs and malicious code.