Get all the details on Magecart and formjacking attacks and learn how to protect your brand.

Disclaimer - These attacks were made known to the public, but for many no final statement was ever made. We are listing the breaches for public knowledge only after they have been reported to the press.

Malicious code injected into the websites of household brand Tupperware is stealing customers’ credit card details.

Magecart Group 8 snuck malicious code onto NutriBullet’s website to collect financial information from customers who purchased blenders and other products from the company. The attack began on Feb. 20 and continues today.

The notification reveals that an attacker gained unauthorized access to the company’s web server around the middle of last year and stole customers’ payment information entered into its website for over five months, between August 3, 2019, and January 14, 2020.


Kitchen & Couch was infected from the 19th of February 2020 until the 25th of February 2020.

SoleStar was infected from the 11th of January 2020 until at least the 25th of February 2020.

An Olympic Ticketing website was compromised by a skimmer using the domain for data exfiltration. The malicious script may have been on the website for over 50 days.


When a visitor to the site adds an item to their cart, such as a donation, a malicious credit-card skimmer script named ATMZOW is loaded into the checkout pages.

Hanna Andersson disclosed that its online purchasing platform was hacked and malicious code was deployed to steal customers’ payment info for almost two months.


The company revealed that it was breached by some sort of cyber attack that targeted customer information. The LifeLabs data breach included lab test results and national health card numbers along with personally identifiable information including names, dates of birth, home addresses and email addresses. Login IDs and passwords appear to have also been compromised in the breach.

Digital skimming hackers have been in action again, this time targeting the website of a leading US gun-maker and its customers.

The web site for UK activewear retailer Sweaty Betty has been hacked to insert malicious code that attempts to steal a customer’s payment information when making purchases. The hackers modified the script to add malicious code to the bottom.

267 million Facebook users’ IDs and phone numbers exposed online. Most of the affected users were from the United States.


Macy’s confirmed Tuesday that some of its online shoppers’ payment details were compromised after hackers cracked into its “Checkout” and “My Wallet” pages.

An unauthorized party accessed information related to customers’ orders made from the OnePlus website. The information accessed by the unauthorized party includes users’ names, contact numbers, email and shipping addresses. However, OnePlus assures that critical information such as payment information, passwords and account details is safe. Moreover, the data breach only affects a select number of OnePlus customers.

It relates to a single file created in 2015 that contained details associated with approximately 3 million customers in UniCredit’s Italian market. The breached document included customer names, telephone numbers, email addresses and cities. It also said that the problem did not extend to any other personal or banking details, nor would the compromised content allow hackers to carry out unauthorized transactions.


If a customer visited or, they may have had their payment card data read and stolen during the three-year timeframe.
The notification letter stressed that the hacker did not have access to medical records. But credit card information could have been stolen at any time during the impacted timeframe.


“Data from some Poshmark users was acquired by an unauthorized third party.” The company said that the stolen data “does not include any financial or physical address information” and that it shouldn’t have compromised any passwords.


Breach of third-party collection vendor American Medical Collection Agency (AMCA). Quest Diagnostics, one of the largest blood-testing laboratories in the U.S., announced in June that an unauthorized user had accessed data on nearly 11.9 million patients, including credit card numbers, bank information, Social Security numbers, and medical information, but not laboratory test results. In July, LabCorp reported a similar incident affecting 7.7 million patients. Both exposures were attributed to a data breach at AMCA, a collection agency.


OpenCart sites were hit by the Magecart group to steal credit card information entered by users. OpenCart is among the top three most frequently used shopping platforms worldwide.

An unauthorized third party accessed some of its user data on May 4, affecting about 4.9 million customers, merchants and DoorDash delivery people who joined the platform on or before April 5, 2018. In this case, the company said not enough information was released for hackers to ring up fraudulent charges.


Hackers planted credit card skimming code on its ecommerce site. Anyone ordering merchandise on or after 20 April 2019 had their name, address, and credit card details stolen by the malicious code, which logs victims’ keystrokes at the point of entry.


Clothing and camping equipment retailer Kathmandu has revealed that an “unidentified third party” may have had access to its online ecommerce website. The third party may have captured customer personal information and payment details entered at check-out.


Topps issued a data breach notification stating that it was affected by an attack, which possibly exposed the payment and address information of its customers. “It is possible that this incident compromised names, mailing addresses, telephone numbers, e-mail addresses, and payment information (including credit/debit number, card expiration date, and security code) for customers who completed a purchase through the Topps website.”


Fashion site Sixth June leaking card data to Magecart hackers

UniCredit Breach Impacts 3 Million Clients


Marriott reported unauthorized access to the database containing guest information related to Starwood properties’ reservations since 2014. Name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences have been stolen. For some guests, the exposed information includes payment card numbers and their expiration dates.

Customer data of its Dunkin Donuts Perks loyalty program may have been stolen. Hackers were able to steal first and last names of customers, email addresses and account information for DD Perks.

Payment card information of customers of the online flower shop 1-800-Flowers has been stolen due to a security issue that persisted for about four years. The compromised information includes users’ full names, payment card numbers, expiration dates, and card security codes.


Stolen data includes passenger names, dates of birth, nationalities, emails, phone numbers, frequent flyer programme membership numbers, physical addresses, 245,000 Hong Kong ID card numbers, 860,000 passport numbers, customer service remarks and details related to passengers’ travel history.


Hackers stole the data of anyone who booked a flight through the British Airways website over a two-week period. The pilfered data included login details, payment information, travel booking information, and addresses.

Hackers injected 15 lines of card skimming code on Newegg’s payments page, which remained for more than a month. The code siphoned off credit card data from unsuspecting customers to a server controlled by the hackers with a similar domain name — likely to avoid detection. The code also worked for both desktop and mobile customers.


Ticketmaster point-of-sale systems were compromised. Personal information compromised includes names, addresses, email addresses, telephone numbers, payment details and login details.


Hackers inject Magecart card skimmer in Forbes’ Subscription Site


Customers’ payment card and contact information may have been compromised after cybercriminals breached the website. Attackers may have obtained information such as name, billing ZIP code, delivery address, email address, and payment card data, including card number, expiration date and CVV.

Cybercriminals accessed Equifax consumers’ personal data, including their full names, Social Security numbers, birth dates, addresses, and driver license numbers. After a settlement with Equifax, consumers can now file a claim for free credit monitoring or a cash payment of $125. If you spent time recovering from the breach or lost or spent money because of the breach, you can request payment of up to $20,000.