Recently, Numrich Gun Parts Corporation (“Numrich”) confirmed that an unauthorized party was able to access customer payment information used to make purchases on the company’s website, https://www.gunpartscorp.com/. According to Numrich, the breach resulted in the names, addresses, credit or debit card numbers, security codes, and expiration dates being compromised. On June 6, 2022, Numrich filed official notice of the breach and mailed out data breach letters to all affected parties. As many as 45,169 people were affected by the Numrich data breach.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Numrich Gun Parts data breach, please see our recent piece on the topic here.
What We Know About the Numrich Gun Parts Data Breach
The Numrich Gun Parts data breach was the result of an unauthorized party accessing payment card information on the company’s online store. Evidently, on March 28, 2022, Numrich was made aware of suspicious activity relating to its online store, www.gunpartscorp.com.
In response, the company launched an investigation into the incident, eventually confirming that an unauthorized party gained access to certain customer payment information entered into the website between January 23, 2022 and April 5, 2022. That same day, Numrich prevented the unauthorized party from accessing its online store and then reviewed all purchases to determine which customers were affected by the incident.
While the breached information varies depending on the individual, it may include your name, address, and credit or debit card information, including your card number, security code, and expiration date.
On June 6, 2022, Numrich Gun Parts sent out data breach letters to 45,169 individuals whose information was compromised as a result of the recent data security incident.
More Information About Numrich Gun Parts Corporation
Numrich Gun Parts Corporation is a firearm parts retailer based in Kingston, New York. The company is the largest retailer of gun parts in the world, logging over $14 million in annual sales. Founded in 1950, Numrich specializes in acquiring and selling modern and obsolete original and replacement gun parts from all major manufacturers, both foreign and domestic. Numrich Gun Parts employs more than 75 people, and the company’s warehouses contain over one million cubic feet of storage.
What Led to the Numrich Data Breach?
Although Numrich did not provide details about how the unauthorized party was able to access customer payment information, it would appear that this is a classic example of a data scraping attack.
Data scraping doesn't so much describe a cyberattack as it does a way of obtaining data. In fact, many businesses use data scraping to gather information from websites for legitimate purposes. In general terms, data scraping refers to someone using an automated program to extract information from a website. For example, search engines like Google use data scraping when crawling websites to determine which sites are most useful to the searcher based on their search terms.
However, hackers can use data scraping to obtain information from a website as well. When a hacker employs a data scraping strategy in orchestrating a cyberattack, the website will appear completely normal, and customers won’t notice anything unusual. However, by surreptitiously placing malicious code on the back-end of a company’s online store, hackers can transmit customers’ names and credit or debit card information when they make a purchase. This allows hackers to obtain valuable financial data, which they often then use to make unauthorized purchases or commit other frauds.
While data scraping attacks are not detectable to consumers, businesses that maintain robust data security systems should be able to detect the malicious code shortly after it’s installed.
