Cyber Incident Victim: Rainier Arms

Date: Jun 2021

Location: United States of America

Summary

Rainier Arms experienced a cybersecurity breach involving credit card skimming malware on its e-commerce platform, compromising customer payment details such as card numbers, CVV codes, names, addresses, and phone numbers during a multi-month period. The malicious code, disguised within site elements like favicons, harvested data from checkout pages, leading to unauthorized transactions. Over 46,000 customers were affected, with the breach discovered months after initial reports of fraudulent activity. The incident not only posed financial risks but also heightened concerns about customer safety due to the sensitive nature of firearms purchases, potentially exposing individuals to targeted criminal exploitation.

Description

The Rainier Arms data breach involved unauthorized access to the e-commerce platform rainierarms.com through a credit card skimmer infection. The malicious code, designed to harvest payment details during online checkout, operated undetected from June 1, 2021, until January 19, 2022. Rainier Arms first became aware of potential issues in December 2021 when customers reported unauthorized activity on payment cards used for purchases on their site. Following these reports, the company initiated an investigation that culminated in the identification and removal of the skimming code on April 21, 2022. The compromised data included credit card numbers, expiration dates, CVV codes, customer names, phone numbers, and addresses—sufficient information for threat actors to conduct fraudulent transactions. Rainier Arms issued breach notifications to 46,319 affected customers whose payment details were entered during the seven-month exposure period, advising them to replace their compromised cards through their financial institutions.

A parallel incident occurred at Numrich Gun Parts Corporation (gunpartscorp.com), where attackers deployed similar card-skimming malware between January 23 and April 5, 2022, affecting 45,169 customers. Both breaches involved JavaScript-based skimmers, either embedded directly into the websites or loaded via compromised elements like favicons. The theft of payment card data exposed victims to direct financial fraud through unauthorized purchases. Additionally, the nature of the targeted businesses introduced secondary risks: stolen customer information could enable criminals to identify individuals who purchased firearms or related components, potentially exposing them to physical theft or targeted scams. Neither company disclosed technical specifics about the skimmer’s delivery mechanism or whether other personal data beyond payment details was accessed. The incidents highlight the operational and reputational consequences for merchants in regulated industries when third-party payment systems are compromised.
