Fitness Depot

Canadian retailer Fitness Depot experienced a security incident.

The breach happened on February 18, 2020, with a malicious form being injected into the online store.

The customer's personal and financial information was stolen following a breach that affected the company's e-commerce platform.

Fitness Depot is Canada's largest specialty exercise equipment retailer, with 40 stores nationwide and two in the United States, Texas, Dallas, and Houston.

The threat actors were able to compromise Fitness Depot's online store and inject a malicious form designed to harvest and exfiltrate customer information.

In such attacks, cybercrime groups known as Magecart groups hack e-commerce stores and inject malicious JavaScript-based scripts into their checkout pages as part of web skimming (aka e-skimming) attacks.

Some customers were affected.

The attackers accessed or stole the information of clients who made purchases for delivery and or who made purchases for in-store pick-up at one of our retail locations.

The information accessed by the attackers included the impacted customers' names, addresses, email addresses, telephone numbers, and credit card numbers.

Source: https://www.bleepingcomputer.com/news/security/fitness-depot-hit-by-data-breach-after-isp-fails-to-activate-the-antivirus/

"id": "FIT21152123",
"linkid": "fitness-depot",
"type": "Breach",
"date": "02/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"