State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

Claire’s and Icing Websites Compromised to Steal Payment Data

NJCCIC Alert

Original Release Date: 6/19/2020

Summary

Between April 25 and June 13, the websites of both Claire’s and its sister brand Icing were compromised with payment skimmers that sent payment information to threat actors when customers submitted their checkout form. The company notified payment card networks and law enforcement, but it is unclear whether affected customers have been contacted yet. Information on the website compromises can be found in the Sansec report. A recent NJCCIC alert highlighted the risk to increased online shopping and the potential for checkout pages to be compromised in what are known as Magecart attacks.

Recommendations

The NJCCIC advises customers who made purchases on either affected website to monitor financial accounts and consider requesting new payment cards. Additionally, we encourage users to follow the recommendations within the previous NJCCIC alert, including using credit cards over debit cards and continually monitoring financial accounts for unauthorized activity.

Join & Subscribe

Never miss an update! Sign up for a no cost membership today! Receive up-to-date content and more in our weekly bulletin.

Sign Up

Featured Content

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.