Japanese graphics tablet manufacturer Wacom has disclosed the potential compromise of its customers' personal and credit card information following a breach of its online store that may have happened from Nov. 28, 2024, to Jan. 8, 2025, The Register reports.
Additional details regarding the number of individuals whose data may have been impacted, and the actor and process behind the compromise were not provided. However, Wacom assured that it has already resolved the issue that prompted the incident while urging breach notification recipients to be vigilant of any unauthorized activity in their credit card statements, promptly report suspicious charges, and set fraud alerts for their credit cards.While information regarding the incident remains lacking, Wacom may have been compromised through the exploitation of the now-patched critical CosmicSting XML external entity vulnerability in Magento, tracked as CVE-2024-34102. Attacks leveraging CosmicSting have been launched by numerous threat actors and have already breached sites belonging to Whirlpool, Ray-Ban, Segway, and National Geographic.
Additional details regarding the number of individuals whose data may have been impacted, and the actor and process behind the compromise were not provided. However, Wacom assured that it has already resolved the issue that prompted the incident while urging breach notification recipients to be vigilant of any unauthorized activity in their credit card statements, promptly report suspicious charges, and set fraud alerts for their credit cards.While information regarding the incident remains lacking, Wacom may have been compromised through the exploitation of the now-patched critical CosmicSting XML external entity vulnerability in Magento, tracked as CVE-2024-34102. Attacks leveraging CosmicSting have been launched by numerous threat actors and have already breached sites belonging to Whirlpool, Ray-Ban, Segway, and National Geographic.
