Rainier Arms, LLC Reports Data Breach Affecting Credit Card Numbers of Over 46,000 Customers | Console and Associates, PC
Recently, Rainier Arms, LLC reported a data breach after an unauthorized party was able to install a malicious line of code that extracted customer credit card numbers from the company’s online store. According to Rainier, the breach resulted in the names and credit or debit card numbers of 46,319 compromised customers. On June 2, 2022, Rainier filed a formal notice of breach and sent data breach letters to all affected parties.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself against fraud or identity theft and what your legal options are following the Rainier Arms data breach, please see our recent article on the subject. here.
What we know about the Rainier Arms data breach
According to an official notice filed by the company, in December 2021, Rainier Arms began receiving reports from customers who had recently made a purchase on the company’s website. These customers told the company that they experienced “unauthorized payment activity” on their cards shortly after purchasing from Rainier Arms.
In response, Rainier Arms worked with cybersecurity professionals to assess the situation and investigate the scope of the compromised data. On April 21, 2022, this investigation confirmed the existence of a line of malicious code designed to capture customers’ payment card information during the checkout process. Further investigation revealed that the code was in place between June 1, 2021 and January 19, 2021.
After discovering that sensitive consumer data was accessible to an unauthorized party, Rainier Arms then went back to identify all potentially affected customers. On June 2, 2022, Rainier Arms sent data breach letters to all affected individuals, notifying them that their names and debit or credit card numbers were exposed.
More information about Rainier Arms, LLC
Rainier Arms, LLC is an Auburn, Washington-based gun accessories retailer. Founded in 2005, Rainier Arms sells high-end tactical rifles, pistols and shotguns, as well as a variety of other parts, optics and accessories. The company also has an advisory team comprised of enthusiasts, law enforcement, and military personnel to assist customers with purchasing decisions. Rainier Arms sells to individuals, as well as military and law enforcement organizations. Rainier Arms employs approximately 37 people and generates approximately $7 million in revenue annually.
What are data scraping attacks?
Rainier Arms did not use the term “data scraping” to describe the recent data security incident. However, based on the company’s explanation of what happened, it appears to be a classic example of a data harvesting attack.
Data scraping is nothing new and it is used all the time for lawful purposes. Data scraping simply refers to the process by which someone uses bots to extract information from a website. Search engines use data scraping when crawling a website after a user enters a search term to determine which sites will be most useful to the searcher. However, hackers can use malware in conjunction with data harvesting techniques to obtain credit and debit card data and other personal information that allows them to make fraudulent purchases.
When hackers target a website in a data-scraping attack, customers don’t notice anything unusual. The website will appear and function as it normally would. However, by surreptitiously placing malicious code on the back-end, the hackers receive the customer’s name and credit or debit card information when they enter their credit card information. This allows hackers to obtain large amounts of financial data, which they can then use to carry out identity theft or simply use payment information to make purchases.
While data scraping attacks are undetectable to consumers, organizations that have employed adequate data security measures can often detect these attacks, limiting hackers’ ability to obtain sensitive financial data belonging to customers.