‘JM Bullion’ Hacked and Customer Credit Card Details Stolen

Published on November 2, 2020
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Users of ‘JM Bullion’ are getting notices of a data security incident via post mail, informing them that hackers may have stolen their sensitive personal information. The online precious metals dealer talks about “malicious scripts” on their site, so it looks like the attack involves MageCart actors. The scripts were present on the site between February 18, 2020, and July 17, 2020, so we’re talking about a period of five full months.

Credits: AuAgBug | Reddit

During this time frame, people who checked out using their credit cards had their sensitive information stolen by the hackers, as JM Bullion’s IT team confirms that all of the entered info was sent to a remote server.

On July 6, 2020, the firm initiated an investigation with the assistance of a third-party expert, following relevant reports. Unfortunately, it took them another ten days only to locate the scripts and uproot the malicious code that was running on the webpages.

The type of information that was stolen by the hackers includes the following:

Unfortunately, the hackers got everything they’d need to use these cards and buy stuff from online shops. JM Bullion has informed the card processor, the affected banks, and the law enforcement authorities. Still, users need to be vigilant, too, and report any transactions they don’t recognize to the card issuer immediately.

Related: The ‘Warner Music Group’ Announced a Credit Card Data Breach

If you have any questions about what you should do from now on, feel free to call 'JM Bullion' at 1-877-540-1441, which is a line they set up specifically for this incident. Identity theft and fraud are also within the scope of possibilities, but the firm hasn’t covered the affected individuals with monitoring services of this kind.

Besides the unfortunate event of losing their payment details, the customers of ‘JM Bullion’ now also have to deal with the exposure of their names and home addresses. This means that malicious individuals now know where these people live and where the gold is, so the risk for physical thefts rises too. If you are in this position, maybe you would want to take your gold to a bank locker or a different address.

If you are looking to buy bullion online, prefer electronic payment methods or even cryptocurrencies. Paying with your card always comes with MageCart risks, and users can’t dig into the source code of web pages every time they need to buy something online.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: