According to a recent disclosure made by the company, both the retail giant’s main website, and the website of their subsidiary, Icing, were compromised.
They were hit by what appears to be a Magecart attack.
The company’s disclosure reads in part as follows:
“On Friday, we identified an issue related to our e-commerce platform and took immediate action to investigate and address it. Our investigation identified the unauthorized insertion of code to our e-commerce platform designed to obtain payment card data entered by customers during the checkout process. We removed that code and have taken additional measures to reinforce the security of our platform.
We are working diligently to determine the transactions that were involved so that we can notify those individuals. Cards used in our retail stores were not affected by this issue. We have also notified the payment card networks and law enforcement. It is always advisable for cardholders to monitor their account statements for unauthorized charges.
The payment card network rules generally provide that cardholders are not responsible for unauthorized charges that are timely reported. We regret that this occurred and apologize to our customers for any inconvenience caused”
The attack apparently came just one day after the retailer closed down all of their brick and mortar shops worldwide as a result of the COVID-19 pandemic. Based on the investigation to this point, the hackers were actively trying to steal customer credit card data between April 30th and June 13th, 2020.
If you or any member of your family has made a purchase on either the Claire’s website or their subsidiary site Icing, be aware that your payment card information may have been compromised. Be sure to alert your credit card issuing company right away, and be on the alert for any suspicious charges that may appear on the card or cards used to make those purchases.