Blundstone, a renowned footwear company, has disclosed a cybersecurity incident involving its e-commerce platform powered by Adobe Commerce (formerly Magento). On November 12, 2024, the company identified unauthorized access that exploited a plugin vulnerability, enabling a third party to install malicious code. This code created a duplicate checkout webpage designed to capture customer contact and payment information during online transactions.
Blundstone advises all customers to remain vigilant against fraud and identity theft. Customers should monitor their financial accounts and credit reports for suspicious activity and report any unauthorized transactions to the appropriate institutions.
If you made a transaction on Blundstone’s website during the incident timeframe, it’s recommended to review your accounts and consider contacting your bank or credit card provider for additional security measures.
Information Potentially Compromised
The data affected may include:
- First and last name
- Email address
- Billing and shipping addresses
- Phone number
- Payment card details, including the card number, expiration date, and CVV code
