Avery Products, the world’s largest supplier of labels, has disclosed a significant data breach following a ransomware attack in December 2024. The company’s internal investigation revealed that malicious actors inserted a credit-card scraper on its website, exposing sensitive customer payment data.
According to breach notification letters provided to regulators, Avery detected the ransomware attack on December 9, 2024. In response, the company engaged forensic experts to assess the extent of the intrusion. Their findings indicated that an unauthorized party had injected malware into the company’s online payment system, allowing attackers to capture credit card information entered between July 18, 2024, and January 5, 2025.
Regulatory filings were submitted in multiple states, including Maine, California, Texas, Massachusetts, Vermont, and Iowa. In a letter to Iowa’s attorney general, Avery explained that the malware was embedded in the credit card entry form, enabling unauthorized parties to intercept and extract sensitive payment data.
Nature and Scope of the Data Breach
Avery clarified that the ransomware attack did not compromise its internal systems but specifically targeted an external application used for processing payments. The compromised data includes:
- Names
- Billing and shipping addresses
- Phone numbers
- Payment card details, including CVV numbers and expiration dates
Initially, Avery believed that the stolen information had not been used for fraudulent activities. However, two customers have since reported unauthorized charges and phishing attempts. While the company has not confirmed a direct link between the breach and these fraudulent activities, they acknowledged the possibility that payment information may have been compromised.
Unanswered Questions and Company Response
Avery has yet to clarify whether the same threat actors responsible for the ransomware attack were also behind the credit-card scraping malware or if the two incidents were separate but coincidental breaches. The company has not responded to inquiries regarding potential overlaps between the two security incidents.
As a global leader in label production and specialty converted media, Avery Products operates a substantial online business. The company reported $279 million in sales for Q3 2024. Given the scale of the breach and its potential implications for thousands of customers, cybersecurity experts warn that additional cases of fraud may surface in the coming months.
Avery has urged all affected customers to monitor their financial statements closely and report any suspicious activity to their banks. The company is also offering credit monitoring services to impacted individuals while it works to strengthen its security measures and prevent future breaches.
As investigations continue, this incident serves as yet another reminder of the growing cyber threats faced by companies handling sensitive payment data. Organizations must remain vigilant in protecting consumer information and ensuring robust security measures are in place to counter evolving digital threats.
Help us bring real change! Corporate lobbying has corrupted our system for too long, and it’s time to take action. Please sign and share this petition—your support is crucial in restoring accountability to our government. Every signature counts! Thank you!
https://www.ipetitions.com/petition/restore-our-republic-end-lobbying
Support truth, health, and preparedness by shopping the Alex Jones Store through our link. Every purchase helps sustain independent voices and earns us a 10% share to fuel our mission. Shop now and make a difference!
https://thealexjonesstore.com?sca_ref=7730615.EU54Mw6oyLATer7a
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
