News Insights: Garmin SA Shopping Portal Breach Leads to Theft of Payment Data

In a series of notifications sent to its customers, Garmin Southern Africa (Garmin SA) disclosed that payment and sensitive personal information were stolen from orders placed on the shop.garmin.co.za shopping portal. According to Malwarebytes security researcher Jérôme Segura, Magecart group may be responsible as the portal runs on a Magento CMS leading to customers’ data being harvested with the help of a payment card skimmer embedded on the site’s payment page https://www.bleepingcomputer.com/news/security/garmin-sa-shopping-portal-breach-leads-to-theft-of-payment-data/

News Insights:

Deepak Patel, security evangelist for PerimeterX, provided the following comments:

“This latest episode is an indicator that Magecart attacks are far from over. The modern web application stack relies on third-party scripts obtained from a variety of providers, not all of whom have strong security practices. Website owners lack visibility into the third-party scripts running on the users’ browsers within the context of their site. Many website owners are also unaware of all the first-party scripts running on their site. In this particular case, it is quite possible Magecart attackers leveraged Magento to skim credit card information from Garmin’s South Africa site. This attack also highlights the steps Magecart attackers take to avoid detection. We have seen instances in the past where skimmers targeted specific geographies outside of the main site’s headquarters to remain undetected.

“This lack of visibility impacts both website owners and users. It’s impossible for website users to discern if a website is compromised by a Magecart attack. Users see the secure padlock next to the URL on their browser address bar and feel comfortable about using the site.

“In addition to staying up to date with the latest versions of critical platform components, website owners need to take another step: get visibility and control of all the scripts running on their website, whether first- or third-party or another part of the supply chain.”