Following reports on social media and notification to the California Department of Justice, yet another retailer is preparing to communicate details of a breach to their customers. In this instance, the Art dealer and auction house Sotheby’s became aware of unauthorized changes to their ‘Sotheby’s Home’ website on 10 October 2018 and, based on their release (Figure 1), they believe that this code was present since at least March 2017.
As is to be expected with a Magecart compromise, the data believed targeted includes customer payment card details as well as their contact details.
Figure 1 – Sotheby’s draft notification letter
The latest Cyberint news, articles, and research, sent straight to your inbox every month.