Cyber Incident Victim: JM Bullion
Date: Feb 2020
Location: United States of America
Summary
JM Bullion, an online precious metals retailer, suffered a data breach when attackers compromised its website to inject malicious scripts that stole customers' personal and payment information during checkout over a five-month period. The MageCart-style attack captured names, addresses, payment card numbers, expiration dates, and security codes, transmitting them to attackers' servers. The company removed the malicious code upon discovery, notified law enforcement and credit card processors, and advised affected customers to monitor for fraudulent transactions.
Description
JM Bullion, an online retailer specializing in precious metals such as gold, silver, copper, platinum, and palladium products, experienced a cybersecurity breach involving unauthorized access to its website. The incident began on February 18, 2020, when attackers injected malicious scripts into the site’s infrastructure. These scripts operated undetected for nearly five months, actively capturing customer payment information during online transactions. JM Bullion became aware of suspicious activity on July 6, 2020, prompting an immediate investigation supported by a third-party forensic specialist. The investigation confirmed the presence of malicious code designed to intercept data entered by customers during checkout processes. This code remained active until its removal on July 17, 2020, marking a total exposure period of 150 days. The attack methodology aligned with MageCart-style compromises, where threat actors exploit web vulnerabilities to harvest payment details in real time. During the breach window, any customer making a purchase risked having their sensitive information exfiltrated to servers controlled by the attackers.

The compromised data included customers’ full names, billing addresses, payment card account numbers, card expiration dates, and security codes (CVV/CVC). JM Bullion notified law enforcement agencies, its credit card processor, and relevant credit card brands following the containment of the breach. The company did not publicly disclose the total number of affected individuals but confirmed all customers transacting between February 18 and July 17, 2020, were potentially impacted. Direct notifications urged customers to scrutinize their credit card statements for unauthorized transactions and report fraudulent activity to their card issuers. No evidence suggested theft of non-payment data such as passwords or Social Security numbers. The malicious scripts exclusively targeted payment form submissions, indicating a focused financial motive. JM Bullion’s post-incident actions centered on removing the malicious code, coordinating with external cybersecurity experts, and fulfilling regulatory disclosure obligations without offering identity protection services.
