JM Bullion Website Hacked, Personal Details Stolen

Author: Corey McDowell - Economics Editor

Published: 4 Nov 2020

Last Updated: 5 Nov 2020

Synopsis

A large precious metals bullion dealer in the United States has been the target of a sophisticated hacking operation which has left the sensitive details of thousands of investors exposed to cyber-criminals. 

JM Bullion Hacked: Image Credit - Markus Spiske, CC0 1.0

Undercover Hackers

The cyber-attack went unnoticed by customers for five months before they were notified. The hackers had embedded malicious code on JM Bullion’s site which captured personal and payment information from customers. The attack took place between 18th February and 17th July. Customers who had purchased from the company’s website during that period were only notified of the leak of sensitive information at the start of November.

In a letter addressed to affected customers, the company’s CEO Michael Wittmeyer stated:

“JM Bullion takes the security of personal information in its care very seriously... In response to this incident, JM Bullion notified law enforcement, our card processor, and the credit card brands, and continues to work with them as needed. We also reviewed our internal procedures and implemented additional safeguards on our website to protect customer information in our possession.”

MageCart

This type of cyber-attack is known as ‘MageCart’. It works by embedding lines of malicious JavaScript code into certain areas of a website. These scripts gather information entered by the customer, such as bank card details, names and addresses, and then send the stolen data to a remote server under the hacker’s control. This sensitive information can then be used to defraud the victims.
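One way a site owner can watch for this kind of injected script is to audit the checkout page's script tags against a reviewed baseline. The following is an added example, not code from JM Bullion or Chards; the hostnames, the allowlist and the sample page are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "shop.example"  # assumed first-party host
ALLOWED_HOSTS = {SITE_HOST, "js.payments.example"}  # assumed reviewed allowlist

class ScriptCollector(HTMLParser):
    """Collect external script sources and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            # A relative URL has no hostname, so it is first party.
            host = urlparse(a["src"]).hostname or SITE_HOST
            self.external.append((host, a["src"], bool(a.get("integrity"))))
        elif tag == "script":
            self._buf = []  # start capturing an inline script body
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf).strip())
            self._buf = None

def audit(html, baseline):
    p = ScriptCollector()
    p.feed(html)
    findings = []
    for host, src, has_sri in p.external:
        if host not in ALLOWED_HOSTS:
            findings.append(("unknown-host", src))  # script from an unreviewed origin
        elif host != SITE_HOST and not has_sri:
            findings.append(("no-sri", src))  # third party without an integrity hash
    for body in p.inline:
        digest = hashlib.sha256(body.encode()).hexdigest()
        if digest not in baseline:
            findings.append(("unreviewed-inline", digest[:12]))
    return findings

SAMPLE = (  # constructed checkout page, not taken from any real site
    '<script src="/static/app.js"></script>'
    '<script src="https://js.payments.example/v1.js"></script>'
    '<script src="https://cdn.unknown.example/stats.js"></script>'
    '<script>initCheckout();</script>'
    '<script>/* constructed stand-in for an unreviewed block */</script>')
BASELINE = {hashlib.sha256(b"initCheckout();").hexdigest()}
```

Run against each rendered checkout page on a schedule, any finding means a script has appeared or changed since the baseline was last reviewed.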

Those who are the victims of such criminality must act quickly to cancel exposed bank cards and secure their accounts. In the case of JM Bullion, the fact that it went unnoticed by customers for so long means thousands of investors could be affected. Being a high-value business selling precious metals means the scope of financial loss could be huge.

Another aspect which should be highlighted in this case is the leaking of the home addresses of people who own thousands of dollars' worth of bullion, who could be targeted in future.

Cyber Security at Chards

We, alongside other bullion dealers, experience attempted hacking attacks regularly, and all company websites, regardless of industry, suffer this fate. Alongside MageCart, a few other examples of cyber-attacks include DDoS, SQL injection, cross-site scripting, phishing, malware and brute-force password attacks. Obviously, we take such external threats very seriously. Every year, we spend tens of thousands of pounds to keep sensitive data safe and we are constantly making sure we are ahead of cyber-criminals.

There are thousands of hacking attempts on all servers across the world every day as most hacking attempts look to exploit the vulnerabilities in the most popular platforms, for example WordPress. This increases the chances of hackers getting data for the least amount of effort. This is one of the reasons we invest so heavily in our custom site, building bespoke parts not only suited to our needs, but with us fully in control of security and not reliant on any third party. This is the long way around, as shortcuts into Magento and WordPress can get you doing business quicker, but it comes with risks.

For those unwilling to transact over the Internet, we also welcome payment by cash and cheque. This can be paid in person at our showroom in Blackpool or by mail, however we do not recommend sending cash through the post.

Defences Against Hacking

We regularly test our defences by simulating hacking attacks on our site. Such testing makes sure our defences are completely robust, and is known as ‘penetration testing’ (pen test). This involves ethical hackers attempting to break into our system to get access to data or inject SQL. A successful pen test would be one where they cannot access data in any way - something which our developers at Chards are very proud to say they achieved.

This guide and its content is copyright of Chard (1964) Ltd - © Chard (1964) Ltd 2021. All rights reserved. Any redistribution or reproduction of part or all of the contents in any form is prohibited.

We are not financial advisers and we would always recommend that you consult with one prior to making any investment decision.
