Cyber Incident Victim: Emma Matratzen GmbH

Emma Matratzen GmbH, operating as Emma Sleep Company, experienced a Magecart-style cyberattack targeting its online checkout process between January 27 and March 22, 2022. The attackers compromised the Adobe Magento e-commerce platform to inject malicious JavaScript code that dynamically loaded from their servers, enabling them to intercept customers' payment card data as it was entered into form fields during transactions. This skimming operation captured credit or debit card details regardless of whether users completed their purchases. The company confirmed the attack exploited sophisticated evasion techniques to bypass existing security monitoring tools designed to detect unauthorized script modifications. While Emma Sleep Company emphasized it never stored or processed payment card data internally, the attack circumvented these safeguards by capturing information in real time during browser interactions before transmission to third-party payment processors.

The incident impacted approximately 97,000 customers across 12 countries, with stolen data including names, postal addresses, email addresses, phone numbers, and payment card details. Emma Sleep Company began notifying affected customers via email during the week of March 22, 2022, advising them to contact financial institutions to monitor for fraudulent activity. The company reported no evidence of successful misuse of the stolen data as of late March 2022. Internal investigations determined attackers employed elaborate countermeasures to hinder forensic analysis, though the Magento platform maintained up-to-date security patches. Emma Sleep Company reported the breach to German data protection authorities, consistent with its headquarters location, and publicly disclosed the attack's technical mechanism through statements from CEO Dennis Schmoltzi. Security remediation efforts focused on removing the malicious code and reinforcing monitoring of checkout page scripts.