Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

Zagg warns customers their data may have been stolen in third-party cyberattack

A person holding a credit card in one hand while typing on a laptop keyboard with the other.

  • An attack on FreshClick has exposed customer payment details and more
  • The extension is used by Zagg’s ecommerce provider, BigCommerce
  • Affected customers are getting free credit monitoring for a year

Zagg has notified affected customers of a data breach that put highly sensitive information at risk, including payment card details.

In a letter dated December 26, 2024 (via the Office of the Maine Attorney General), the company confirmed a 12-day-long attack between October 26 and November 7, which it became aware of one day later on November 8.

The problem stems from an attack on FreshClick, a third-party application used by Zagg’s ecommerce software platform provider BigCommerce.

Zagg confirms cyberattack

“We learned that an unknown actor injected into the FreshClick app malicious code that was designed to scrape credit card data entered as part of the checkout process for certain ZAGG.com customer transactions between October 26, 2024 and November 7, 2024," the company confirmed.

Names, shipping and billing addresses, and payment card information could be at risk as a result.

In recognition of the severity of the attack, Zagg is giving affected customers 12 months’ access to credit monitoring through Experian. It’s also urging customers to monitor their financial accounts, place fraud alerts and consider credit freezes to prevent identity theft.

BigCommerce said (via Bleeping Computer): “Acting in the best interest of our customers and their shoppers, we immediately uninstalled the app in their stores, which removed any compromised APIs and malicious code.”

Basic internet hygiene principles like being cautious about sharing certain information and following potentially malicious links go a long way to protecting consumers against potential attacks, however when an attack affects a third-party service such as this, there’s very little that consumers can do, highlighting the widespread risks of online activity.

Apologizing for the inconvenience, Zagg has established a dedicated phone line for concerned customers to seek further answers and advice.

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.