JM Bullion

JM Bullion operates as an online retailer specializing in the sale of precious metals, offering products such as gold, silver, platinum, and palladium in the form of coins, bars, and rounds to investors and collectors. The company conducts its business primarily through a web‑based platform that allows customers to browse inventory, place orders, and arrange for delivery or storage of their purchases. Its headquarters is located in the United States of America, and it serves a customer base that accesses the site from across the country and, in some cases, from international locations seeking to acquire physical precious metals. The firm’s core activity revolves around facilitating the acquisition of tangible assets that are often used for wealth preservation, portfolio diversification, or hobbyist collecting. By focusing exclusively on precious metals commerce, JM Bullion positions itself within a niche segment of the broader e‑commerce and commodities markets, where trust in product authenticity and transaction security is paramount.

On February 18, 2020, JM Bullion experienced a significant security incident when attackers injected malicious scripts into its website, a tactic commonly associated with MageCart‑style web skimming campaigns. The injected code operated over a five‑month period, capturing personally identifiable information and payment details entered by customers during the checkout process, including names, addresses, credit card numbers, expiration dates, and security codes. This data was transmitted to servers controlled by the attackers, exposing a substantial number of shoppers to potential fraud and identity theft. Upon discovering the breach, JM Bullion promptly removed the malicious script from its site, initiated an investigation, and notified relevant law enforcement agencies and payment card processors to mitigate further harm. The company also issued public advisories urging affected customers to monitor their financial statements for unauthorized activity and to consider placing fraud alerts or credit freezes if deemed necessary. The incident highlighted the vulnerabilities inherent in online retail environments that handle high‑value transactions and underscored the importance of robust web application security measures for businesses in the precious metals sector.