Zagg warns customers their data may have been stolen in third-party cyberattack

A person holding a credit card in one hand while typing on a laptop keyboard with the other.

(Image credit: Shutterstock / Kostenko Maxim)

An attack on FreshClick has exposed customer payment details and more
The extension is used by Zagg’s ecommerce provider, BigCommerce
Affected customers are getting free credit monitoring for a year

Zagg has notified affected customers of a data breach that put highly sensitive information at risk, including payment card details.

In a letter dated December 26, 2024 (via the Office of the Maine Attorney General), the company confirmed a 12-day-long attack between October 26 and November 7, which it became aware of one day later on November 8.

The problem stems from an attack on FreshClick, a third-party application used by Zagg’s ecommerce software platform provider BigCommerce.

Zagg confirms cyberattack

“We learned that an unknown actor injected into the FreshClick app malicious code that was designed to scrape credit card data entered as part of the checkout process for certain ZAGG.com customer transactions between October 26, 2024 and November 7, 2024," the company confirmed.

Names, shipping and billing addresses, and payment card information could be at risk as a result.

In recognition of the severity of the attack, Zagg is giving affected customers 12 months’ access to credit monitoring through Experian. It’s also urging customers to monitor their financial accounts, place fraud alerts and consider credit freezes to prevent identity theft.

BigCommerce said (via Bleeping Computer): “Acting in the best interest of our customers and their shoppers, we immediately uninstalled the app in their stores, which removed any compromised APIs and malicious code.”

Basic internet hygiene principles like being cautious about sharing certain information and following potentially malicious links go a long way to protecting consumers against potential attacks, however when an attack affects a third-party service such as this, there’s very little that consumers can do, highlighting the widespread risks of online activity.

Apologizing for the inconvenience, Zagg has established a dedicated phone line for concerned customers to seek further answers and advice.

We’ve listed thebest identity theft protection
Check out the best privacy tools and anonymous browsers
Third-party data breaches have become a major security concern

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!