Label giant Avery says website hacked to steal credit cards


Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers’ credit cards and personal information.

Avery is an American company that produces and sells self-adhesive labels, apparel branding elements, and printing services.

In a data breach notification sent to impacted customers, Avery says it discovered the attack on December 9, 2024.

Following an internal investigation by digital forensic experts, it was discovered that threat actors had planted a card skimmer on ‘avery.com,’ the company’s online shop domain, on July 18, 2024.

As a result, sensitive payment information that customers entered on Avery’s website between July 18, 2024, and December 9, 2024, was exfiltrated to the threat actors.

“On December 9, 2024, Avery became aware of a ransomware attack relating to certain systems,” reads the notice.

“Avery immediately launched an investigation, with the aid of forensic experts, to determine the nature and scope of the activity.”

“Our investigation determined that an unauthorized actor inserted malicious software that was used to ‘scrape’ credit card information used on our website avery.com between July 18, 2024, and December 9, 2024.”

The data that has been compromised as a result of this breach includes:

  • First and last names
  • Billing and shipping address
  • Email address
  • Phone number
  • Payment card number, CVV code, and expiration date
  • Purchase amount

The exposure does not include Social Security numbers, driver’s license numbers, government-issued ID numbers, or dates of birth.

Still, the data that has been exposed is enough to perform fraudulent transactions in the victims’ names and burden their accounts with unauthorized purchases.

“We do not know if fraudulent charges are related to our website incident, but it now appears possible that payment-card (and other) information may have been acquired as we received two emails from customers who indicated that they incurred a fraudulent charge and/or phishing email,” continued the data breach notification.

“We received a number of similar reports this month. We are therefore providing you with this notice so you can take steps to protect yourself.”

According to the data breach entry on Maine’s Attorney General portal, the incident impacted 61,193 Avery customers.

To mitigate this risk, Avery offers 12 months of free credit monitoring service through Cyberscout.

The notification recipients are also advised to be cautious of unsolicited communications and immediately report any suspicious activity on their accounts to their bank and authorities.

A dedicated assistance line has also been set up to address questions and concerns Avery customers may have about this incident.


