The website for online Precious Metals retailer JM Bullion was hacked earlier this year.
The company began notifying customers recently that malicious code had been discovered on their website. As part of the hack contact information and payment information may have been compromised.
JM Bullion became aware of suspicious activity involving their website around July 6, 2020. As part of the investigation it was determined that malicious code had been installed on their website. The malicious code had been in place for a six month period from February 18, 2020 until July 17, 2020.
During an investigation it was discovered that customers making purchases on their website may have had their data compromised. The data includes personal information, including credit card or banking information captured by a third-party.
The malicious code was removed from their website on July 17, 2020.
The stolen personal identifying information (PII) included customer name, address, and payment card information including account numbers, expiration dates and CVV security codes.
JM Bullion notified potentially effected customers via ‘Notice of Data Security Incident’ letter. What’s not clear from the letter is if the incident involved their website being hacked by a third party.
The data breach spanned six months. Customers that made purchases during this time frame were notified by the company.
The data breach was first reported in the r/Silverbugs group on Reddit by a customer that received the letter.
The hack occurred during a time when investor interest in precious metals reached a peak due to the economic uncertainty caused by the COVID-19 pandemic.
All customers who made purchases on JM Bullion’s site between February 18th, 2020 to July 17th, 2020 should monitor their credit card statements for fraudulent activity.
JM Bullion is one of the largest online precious metals retailers. They sell gold, silver, platinum, palladium and other bullion and coin investment products.
JM Bullion also owns and operates Provident Metals and Silver.com. It’s not clear from the letter whether this hack only impacted customer of jmbullion.com. Or if it also involved their other companies including providentmetals.com and silver.com were also impacted.