Leading graphics tablet manufacturer Wacom has disclosed a significant security breach affecting its online store’s payment processing system. The incident, which occurred between November 28, 2024, and January 8, 2025, potentially exposed customers’ payment card information to unauthorized access. The company has initiated a comprehensive investigation and is actively notifying affected customers.
Breach Analysis: Magecart-Style Web Skimmer
Preliminary forensic analysis indicates the presence of a sophisticated web skimmer specifically targeting Wacom’s Magento-based e-commerce platform. The malicious code was designed to intercept payment card data in real-time during checkout processes, representing a variant of the increasingly prevalent Magecart-style attacks. The security team confirmed the vulnerability has been patched, and a targeted notification was sent to customers who made purchases during the six-week compromise window.
Customers Who Purchased from Wacom Online Store Between Skimming Dates
Customers who completed purchases on Wacom’s direct online store between November 28, 2024, and January 8, 2025 are at risk of having had their payment card details — including card number, expiry date, and CVV — captured by the skimmer. Wacom has not disclosed the total number of affected accounts. The breach does not affect customers who used PayPal or other redirect-based payment methods, as the skimmer targeted data entered directly into the Magento checkout form.
What Affected Customers Should Do Now
- Review all payment card transactions from late November 2024 through January 2025 and flag any unrecognized charges to your bank.
- Contact your card issuer to request a replacement card, especially if the compromised card is still active.
- Enable real-time SMS or push transaction alerts on all payment accounts.
- Place a fraud alert or credit freeze with major credit bureaus if you suspect identity theft.
- Enable two-factor authentication on your Wacom account and any account sharing the same password.
Industry-Wide Implications
This security incident is part of a broader pattern of web skimming attacks targeting Magento-based e-commerce stores. Similar breaches have affected several major brands in recent years, underscoring a systemic risk in Magento deployments without Content Security Policy (CSP) headers and real-time file integrity monitoring. Industry analysis indicates a significant rise in e-commerce-targeted attacks, driven by the high value of harvested payment data and the difficulty of detecting injected skimmer scripts in production environments. Merchants running Magento stores are advised to audit third-party scripts, enforce strict CSP policies, and review the security advisories relevant to their platform stack regularly.
