Wacom warns users their data may have been stolen in breach

A computer being guarded by cybersecurity.

(Image credit: iStock)

Wacom has started notifying customers about a security incident
Threat actors managed to steal payment information from an undisclosed number of people
The attack has been addressed, Wacom says

Design hardware firm Wacom has warned its customers that it may have lost their personal data, including payment information.

A report from The Register says the company believes the attack took place between November 28 2024, and January 8, 2025, and it is currently notifying affected individuals.

In the email notification letter, Wacom notes, "The issue that contributed to the incident has been addressed and is effectively being investigated. However, we are now writing only to customers who might have been potentially affected by this."

A credit card skimmer?

Those that don’t get an official Wacom communication should consider themselves safe for now. Those that get the email should definitely start monitoring their credit card statements, and possibly even consider placing a fraud alert on their credit cards.

Wacom did not detail the attack at this point. Therefore, we don’t know who the attackers are, how they managed to infiltrate the company’s web shop, or how many people are affected.

While still in the domain of speculation, The Register believes a credit card skimmer code might have been involved, especially since Wacom’s web shop is powered by Magento.

Magento is a wildly popular open-source ecommerce platform, and as such is a frequent target. For example, in late July 2024, researchers reported on a creative technique involving so-called swap files being used to deploy persistent credit card skimmers on Magento sites. Earlier still, in April, cybersecurity researchers found a critical vulnerability in Magento allowing threat actors to deploy persistent backdoors onto vulnerable servers.

If you’re interested in learning more, make sure to read our definitive Magento hosting guide.

Via The Register

Travel data of almost 500,000 users exposed in Daytrip leak
Take a look at our guide to the best identity theft protection
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.