Canadian retailer Fitness Depot experienced a security incident.
The breach happened on February 18, 2020, with a malicious form being injected into the online store.
Customers' personal and financial information was stolen following a breach that affected the company's e-commerce platform.
Fitness Depot is Canada's largest specialty exercise equipment retailer, with 40 stores nationwide and two in the United States, in Dallas and Houston, Texas.
The threat actors were able to compromise Fitness Depot's online store and inject a malicious form designed to harvest and exfiltrate customer information.
In such attacks, cybercrime groups known as Magecart groups hack e-commerce stores and inject malicious JavaScript-based scripts into their checkout pages as part of web skimming (aka e-skimming) attacks.
Some customers were affected.
The attackers accessed or stole the information of clients who made purchases for delivery and/or for in-store pick-up at one of the company's retail locations.
The information accessed by the attackers included the impacted customers' names, addresses, email addresses, telephone numbers, and credit card numbers.
TPRM report: https://scoringcyber.rankiteo.com/company/fitness-depot
{
  "id": "fit21152123",
  "linkid": "fitness-depot",
  "type": "Breach",
  "date": "02/2020",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'customers_affected': 'Some customers',
                        'industry': 'Specialty Exercise Equipment',
                        'location': ['Canada', 'United States'],
                        'name': 'Fitness Depot',
                        'size': '40 stores in Canada, 2 in the United States',
                        'type': 'Retailer'}],
 'attack_vector': 'Web Skimming (e-skimming)',
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Financial Information']},
 'date_detected': '2020-02-18',
 'description': 'Canadian retailer Fitness Depot experienced a security '
                'incident where a malicious form was injected into the online '
                "store, leading to the theft of customers' personal and "
                'financial information.',
 'impact': {'data_compromised': ['Names',
                                 'Addresses',
                                 'Email addresses',
                                 'Telephone numbers',
                                 'Credit card numbers'],
            'systems_affected': 'E-commerce platform'},
 'initial_access_broker': {'entry_point': 'E-commerce platform'},
 'motivation': 'Financial gain',
 'threat_actor': 'Magecart groups',
 'title': 'Fitness Depot Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Malicious form injection'}