The official NIS America Online Store has sent an email to all of its customers, informing them about a security breach that occurred between January 23 and February 26, 2018.
The company said an unauthorized party inserted a malicious piece of code into its checkout page, capturing details such as credit card information, billing address, shipping address, and email address. The intrusion was only discovered on the morning of February 26, a month after the hackers first attached the malicious code.
NIS America has advised customers who placed orders between January 23 and February 26 to change all of their passwords, cancel their credit cards, and be wary of fake websites asking for their personal information. A USD 5 discount coupon has been given to all customers affected by this incident.
Read the full email sent to customers below:
Notice of Data Breach
FEBRUARY 28th, 2018
Dear Motion Blue:
We are contacting you to notify you of a data breach which occurred between January 23rd, 2018 and February 26th, 2018 on online stores owned and operated by NIS America, Inc., including store.nisamerica.com and snkonlinestore.com. This data breach allowed an unauthorized party to access customer payment and address information for new credit card orders placed between these dates.
Our customers are our top priority, and it is our responsibility to provide a safe and secure environment for you to shop online with confidence. We would like to inform our customers of what happened as a result of this breach, the steps we have taken to resolve it, and what you can do to protect yourself.
Am I impacted by this?
Yes. Your personal information, including your payment information, may have been compromised. Personal information, including payment information, was taken directly from new orders placed using a credit card between January 23rd, 2018 and February 26th, 2018. Orders placed using PayPal during this time period did not have their payment information or PayPal login information skimmed by this process. Orders placed before this time period were not impacted. Based on our information, we have determined that your information may have been affected by this.
On the morning of February 26th, we became aware of a malicious process that had attached itself to our checkout page. This process was being used as far back as January 23rd, 2018 to skim personal information provided by our customers during checkout after they placed an order at our store.
After entering their billing, shipping, and payment information, the customer would be temporarily redirected to an offsite web page not owned or operated by NIS America, Inc. This malicious process would record the information provided by the customer during the checkout process, including credit card information, billing address, shipping address, and email address. Afterward, the malicious process would return the customer to the NIS America store page to complete their transaction.
Transactions conducted in this manner were still successfully completed on the NIS America store pages. However, the payment information recorded by the malicious process could be used for fraudulent charges in the future. Fraudulent payments could be attempted at any storefront that accepts credit card payments, not just NIS America, Inc. store pages.
What information was involved?
The skimming process had access to all information provided by the customer during checkout, including their name, address, credit card number, expiration date and CVV security code, and email address.
We do not collect Social Security numbers, and there is no evidence that any payment or billing information provided prior to January 23rd, 2018 was compromised.
What actions were taken as a result of this issue?
Once we became aware of this issue, we immediately took our store pages offline to prevent any further breaches. After taking our store pages offline, we scanned all our processes to determine the exact point of entry, as well as determine when this change occurred on our online stores. We have taken steps to solve the issue that resulted in this breach, along with several other steps to improve our site’s security.
What you can do to protect yourself:
- Check your bank or credit card statement for suspicious activity, or charges that you do not recognize. If you see any fraudulent or suspicious charges, please contact your bank or credit card’s fraud department. It is possible for any information gathered by this malicious process to be saved and used at a later date, so regularly checking your statements for unusual activity is the best way to ensure your card is not being misused.
- Contact your bank or credit card company to cancel cards you feel may be impacted by this issue, and request a new card. If you request a new card, please remember to update any automatic payments that may attempt to draw from the old card. If replacing a card, you will need to update preorders for future products provided by NIS America, Inc.’s online stores. For secure payment, we can send invoices via email directly from PayPal, which can be paid with or without a PayPal account. PayPal information was not breached during this event.
- Check your credit report for any anomalies. The Federal Trade Commission recommends http://www.annualcreditreport.com/. Additionally, you can place a free, 90-day fraud alert with one of the three major credit bureaus and/or place a credit freeze on your file to restrict access to your credit report by other parties. For more information, please visit https://www.identitytheft.gov/Steps
- If you have a user account on one of NIS America, Inc.’s online stores, please know that we do not store payment information within these accounts. User accounts are used primarily to track past orders and gain reward points. Data for past orders is stored securely, and will only show the last four digits of a credit card, and will not show the CVV security code or expiration date. It is still recommended to change the password of any accounts you have with a store operated by NIS America, Inc.
- If you encounter any warning messages from your web browser that you may be proceeding to an unsafe page on our site or any other site, stop what you are doing and contact the site’s operators.
- Keep an eye out for fraudulent emails, texts, phone calls, or fake websites trying to get your personal information. Never give out private or personal information, including financial details, unless you can verify the identity of the person or organization contacting you. Don’t respond to texts or emails coming from a contact you don’t recognize, and don’t click on any links they provide. Instead, if you need to check your account, type the site address you want to visit into your browser and securely log into your account.
- NIS America will never ask you for your personal information, payment information, or password via email, unless contacted to do so by our customers via our customer support channels. Updated payment information is only collected through PayPal, using either an invoice or direct payment.
We know that this issue and the steps needed to resolve it can be frustrating. We share these feelings, and we pledge to do our best to get this issue resolved, and prevent it from happening again. At this time, we can say that we have identified the issue, removed it from our website, and taken steps to prevent this issue from recurring, as well as added new security to our online stores. We would not be reopening our online stores if we did not feel confident that they are a safe place to shop.
We are committed to earning back your trust and confidence, and we hope to have the opportunity to serve you again soon. We will be sending out codes for a $5.00 discount on your next purchase from our online store to those impacted by this issue within the next few days. We understand that this is a small token, but we hope it will show our commitment and appreciation of our customers as we begin to regain your trust.
If you have any questions or concerns, please feel free to contact us and we would be happy to assist you in any way that we can. We can be reached anytime at firstname.lastname@example.org.
We are determined to provide you with a safe and secure shopping experience going forward. We hope to see you on our online stores again soon.
NISA Online Store team