iPhone accessories maker Zagg has announced a data breach that exposed its customers’ credit card information. The breach occurred due to a compromise in a third-party app provided by Zagg’s e-commerce platform, BigCommerce. The Utah-based company, known for its mobile accessories like screen protectors and phone cases, has an annual revenue of $600 million. ZAGG is currently notifying affected customers about the breach and advising them to take necessary precautions to protect their financial information. The data breach resulted in the theft of names, addresses, and payment card information of shoppers on zagg.com between October and November 2024.
What the company said to its customers
In a letter sent to affected customers (seen by Bleeping Computer), the company stated that the attacker compromised the FreshClicks app provided by BigCommerce and implanted malicious code to steal shoppers’ card information.
“We learned that an unknown actor injected into the FreshClick app malicious code that was designed to scrape credit card data entered as part of the checkout process for certain ZAGG.com customer transactions between October 26, 2024 and November 7, 2024,” Zagg wrote.
ZAGG responded to the incident by implementing remediation measures, notifying federal authorities and regulators, and offering affected individuals 12 months of free credit monitoring via Experian. Affected customers have also been advised to monitor their financial accounts, place fraud alerts, and consider a credit freeze. However, the company has not disclosed the number of customers impacted.
What BigCommerce said about the breach
In a statement to BleepingComputer, BigCommerce said that its systems were neither breached nor compromised. The company identified the FreshClicks App hack using internal tools and subsequently removed the app from its customers’ stores.
“Using our internal tools and in communication with the partner, we verified the third-party FreshClicks App was compromised. Acting in the best interest of our customers and their shoppers, we immediately uninstalled the app in their stores, which removed any compromised APIs and malicious code,” BigCommerce noted.
BigCommerce’s store currently features six add-ons developed by FreshClick, with a total of 178 reviews. However, the compromised plugin may have been temporarily taken down.
The Austin-based SaaS e-commerce platform caters to businesses of all sizes across various industries worldwide. FreshClick, a third-party app available on BigCommerce’s app marketplace, enhances e-store functionality by creating apps and responsive websites to improve customer experience.
