Recently, Rainier Arms, LLC reported a data breach after an unauthorized party was able to install a malicious line of code that skimmed customers’ credit card numbers from the company’s online store. According to Rainier, the breach resulted in the names and credit or debit card numbers of 46,319 customers being compromised. On June 2, 2022, Rainier filed official notice of the breach and sent out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Rainier Arms data breach, please see our recent piece on the topic here.
What We Know About the Rainier Arms Data Breach
According to an official notice filed by the company, in December of 2021, Rainier Arms began receiving reports from customers who had recently made a purchase on the company’s website. These customers told the company that they experienced “unauthorized payment activity” on their cards shortly after their purchase from Rainier Arms.
In response, Rainier Arms worked with cybersecurity professionals to assess the situation and investigate the extent of any compromised data. On April 21, 2022, this investigation confirmed the existence of a line of malicious code that was designed to capture customers’ payment card information during the checkout process. Further investigation revealed that the code was in place between June 1, 2021 and January 19, 2021.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Rainier Arms then went back to identify all potentially impacted customers. On June 2, 2022, Rainier Arms sent out data breach letters to all affected individuals, informing them that their names and debit or credit card numbers were exposed.
More Information About Rainier Arms, LLC
Rainier Arms, LLC is a firearms accessory retailer based in Auburn, Washington. Founded in 2005, Rainier Arms sells high-end tactical rifles, pistols & shotguns, as well as various other parts, optics and accessories. The company also has an advisory team of enthusiasts, law enforcement, & military personnel to help customers with their purchasing decisions. Rainier Arms sells to individuals, as well as military and law enforcement organizations. Rainier Arms employs approximately 37 people and brings in approximately $7 million in revenue on a yearly basis.
What Are Data Scraping Attacks?
Rainier Arms did not use the term “data scraping” to describe the recent data security incident. However, based on the company’s explanation of what happened, it appears as though this is a classic example of a data scraping attack.
Data scraping is nothing new—and it is used all the time for lawful purposes. Data scraping simply refers to the process in which someone uses bots to extract information from a website. Search engines use data scraping when crawling a website after a user plugs in a search term to determine which sites will be the most useful to the searcher. However, hackers can use malicious software in conjunction with data scraping techniques to obtain credit and debit card data along with other personal information that enables them to make fraudulent purchases.
When hackers target a website in a data scraping attack, customers won’t notice anything unusual. The website will look and function just as it normally would. However, by surreptitiously placing malicious code on the back-end, hackers receive the customer’s name and credit or debit card information as the customer enters it. This allows hackers to obtain large amounts of financial data, which they can then use to commit identity theft or simply to make purchases with the payment information.
While data scraping attacks are undetectable to consumers, organizations that have employed adequate data security measures can often detect these attacks, limiting hackers’ ability to obtain sensitive financial data belonging to customers.