Cybercriminals have stolen card details from over 4,000 UK online retailers by exploiting a vulnerability in popular ecommerce software Magento, the UK’s National Cyber Security Centre (NCSC) has warned.
The NCSC – a division of GCHQ – is urging ecommerce businesses to update Magento, an open source ecommerce platform that was acquired by Adobe in 2018 for $1.68bn.
Failing to update Magento and other ecommerce software could lead to an attack resulting in “financial and reputational damage”, the NCSC said.
Card skimming sees criminals intercept and make copies of debit or credit cards while they are being used at an ATM or at checkout online.
In total, the NCSC said it notified 4,151 ecommerce companies that they were running a vulnerable version of the software up until the end of September.
The card skimming warning comes in the build up to the annual Black Friday shopping event, which is regularly targeted by cybercriminals.
“We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period,” said Sarah Lyons, NCSC deputy director for economy and society. “Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage.”
In October 2020 British Airways was fined £20m by the Information Commissioner’s Office (ICO) for failing to protect 400,000 customers from a card skimming breach two years earlier. That fine was heavily reduced from the £183m initially proposed by the data regulator.
Infamous hacking group Magecart had successfully injected code to the airline’s website to steal personal and financial data.
The NCSC made the warnings via its Active Cyber Defence programme, which aims to proactively warn UK businesses and consumers about cyber threats.
“Skimming and other cyber security breaches are a threat to all retailers,” said Graham Wynn, assistant director for consumer, competition and regulatory affairs at the British retail Consortium.
“The British Retail Consortium strongly urges all retailers to follow the NCSC’s advice and check their preparedness for any cyber issues that could arise during the busy end of year period.”
The post Cybercriminals steal card details from 4,000 ecommerce firms – NCSC appeared first on UKTN (UK Tech News).
