Analysis of the Avery Products Corporation Data Breach

Date: 16th October 2024 (based on article's date)

Subject: Analysis of the Avery Products Corporation Data Breach

Source: Article: "Label giant Avery says website hacked to steal credit cards" (from a larger website including various tech news and guides).

1. Executive Summary:

This document analyses a recent data breach affecting Avery Products Corporation, a US-based label and printing services company. The breach involved a card skimmer placed on the company's website, avery.com, which exfiltrated sensitive customer data including credit card information. The skimmer was active over a five-month period and affected over 60,000 customers. The incident highlights the significant risks associated with online payment systems and the need for robust cybersecurity measures. It also highlights the evolving tactics used by threat actors, in this case combining a card skimmer with a ransomware attack.

2. Key Facts and Findings:

  • Nature of the Breach: The breach was caused by the implantation of a card skimmer on Avery's website, avery.com, allowing hackers to steal customer payment information.
  • Timeline:
      • July 18, 2024: Card skimmer was placed on the website.
      • December 9, 2024: Avery became aware of a ransomware attack and subsequently discovered the card skimmer.
      • January 15, 2025: Article reporting the breach is published.
  • Compromised Data:
      • "First and last names"
      • "Billing and shipping address"
      • "Email address"
      • "Phone number"
      • "Payment card number, CVV code, and expiration date"
      • "Purchase amount"
  • Important Note: Social Security numbers, driver's licenses, government ID numbers, and dates of birth were not compromised.
  • Impacted Customers: 61,193 customers according to the data breach entry on Maine's Attorney General portal.
  • Discovery: The breach was discovered following a ransomware attack on Avery's systems, indicating a possible multi-faceted attack strategy by the threat actors. According to the notification: "On December 9, 2024, Avery became aware of a ransomware attack relating to certain systems."
  • Customer Reports: Avery began investigating after receiving emails from customers reporting fraudulent charges and phishing attempts. "We do not know if fraudulent charges are related to our website incident, but it now appears possible that payment-card (and other) information may have been acquired as we received two emails from customers who indicated that they incurred a fraudulent charge and/or phishing email."
  • Mitigation Measures:
      • Avery has launched an investigation with forensic experts.
      • 12 months of free credit monitoring is offered to affected customers via Cyberscout.
      • A dedicated assistance line has been set up to address customer queries.
      • Customers are advised to be vigilant and report any suspicious activity to their banks and the authorities.

3. Main Themes:

  • Sophistication of Cyber Attacks: This incident highlights the sophistication of modern cyber attacks, where card skimming is combined with ransomware tactics. It also underscores that websites, even those belonging to established companies, are not immune to such attacks.
  • Importance of Early Detection: The five-month gap between the initial compromise and discovery of the card skimmer is significant. It demonstrates the need for continuous security monitoring and anomaly detection systems.
  • Data Privacy and Security: The breach exposes significant amounts of sensitive customer data, including financial information, leading to potential identity theft and financial fraud.
  • Consumer Awareness: The article stresses the importance of consumer vigilance and proactive measures to protect their financial and personal information.
  • Multi-faceted Attacks: The coupling of the data breach with a ransomware attack indicates the growing sophistication and persistence of threat actors.

4. Significant Quotes:

  • "Our investigation determined that an unauthorized actor inserted malicious software that was used to "scrape" credit card information used on our website avery.com between July 18, 2024, and December 9, 2024."
  • "We do not know if fraudulent charges are related to our website incident, but it now appears possible that payment-card (and other) information may have been acquired as we received two emails from customers who indicated that they incurred a fraudulent charge and/or phishing email,"
  • "We received a number of similar reports this month. We are therefore providing you with this notice so you can take steps to protect yourself."

5. Implications and Recommendations:

  • For Businesses:
      • Strengthen Security Measures: Implement robust security measures to detect and prevent card skimming attacks on websites. This includes continuous security scanning, intrusion detection systems and website behaviour monitoring.
      • Regular Security Audits: Conduct regular security audits of online platforms and payment processing systems to identify vulnerabilities.
      • Incident Response Plans: Ensure incident response plans are up to date and tested to effectively address security incidents, including data breaches.
      • Enhanced Monitoring: Implement enhanced monitoring for unusual website activity, especially in payment-related areas, to quickly identify and respond to attacks.
  • For Consumers:
      • Monitor Accounts: Regularly monitor bank and credit card statements for suspicious transactions.
      • Be Alert to Phishing: Be cautious of unsolicited emails or phone calls requesting personal information.
      • Take Advantage of Credit Monitoring: Utilise free credit monitoring services offered following breaches.
      • Report Suspicious Activity: Immediately report any suspected fraud or phishing attempts to banks and relevant authorities.

6. Conclusion:

The Avery data breach serves as a stark reminder of the pervasive threat of cybercrime and its potential impact on both businesses and consumers. It highlights the necessity for strong security practices, proactive monitoring, and a robust incident response strategy. Both businesses and consumers need to adopt a proactive posture to mitigate risk. The breach also serves as a useful case study in the evolving tactics of threat actors.

https://www.bleepingcomputer.com/news/security/label-giant-avery-says-website-hacked-to-steal-credit-cards/
