Zagg, the Utah-based manufacturer of consumer electronics and accessories for iPhones, has alerted its customers about potential compromises to credit card transactions that occurred during the period of October 26 to November 7, 2024. This incident stemmed from a security breach involving a third-party payment processing service.
Known for producing an array of products such as keyboards, screen protectors, phone cases, and portable chargers, Zagg utilizes BigCommerce for transaction processing on its online platform. Additionally, they offer FreshClicks, a tool designed to facilitate the creation of e-commerce websites.
Recent reports indicate that an unauthorized entity successfully infiltrated the FreshClicks application by injecting harmful code aimed at extracting sensitive card information from users during the checkout process at Zagg. BleepingComputer highlights this concerning development.
In notifications sent out to impacted clients, Zagg detailed how an unidentified intruder was able to manipulate FreshClicks and compromise customer information between October 26 and November 7 by harvesting credit card data entered during purchases.
While specific figures regarding those affected remain undisclosed, it has been confirmed that personal details—including names, addresses, and payment card information—were unlawfully accessed. Authorities have been notified about this security lapse.
The notifications advised customers to monitor their bank account statements closely and to consider placing fraud alerts or freezing their credit reports. Furthermore, Zagg customers whose financial details might have been exposed will benefit from complimentary monitoring services provided by Experian for up to twelve months.
In response to these developments, BigCommerce reassured its clients that there was no compromise within its systems. After the breach was identified and the issue with FreshClicks was discovered, the application was swiftly disabled and uninstalled, eliminating any compromised APIs or harmful code responsible for unlawfully collecting customer data.