Avery Discovers Credit Card Scraper Following Ransomware Attack

Avery Products, the world’s largest supplier of labels, has disclosed that a ransomware attack in December led to the discovery of a separate data breach involving the theft of customer credit card information. The breach, affecting around 67,000 customers, was identified during an internal investigation following the December 9 ransomware attack.

According to breach notification letters sent to regulators in multiple states, including Maine, California, Texas, Massachusetts, Vermont, and Iowa, forensic experts found that hackers had inserted malicious software into Avery’s payment processing application. The malware was active between July 18, 2024, and January 5, 2025, scraping credit card details entered on the company’s website.

Avery clarified that while the ransomware attack did not compromise its internal systems, it affected a third-party application used for processing payments. The stolen data includes customers’ names, billing and shipping addresses, phone numbers, and complete payment card details, including CVV numbers and expiration dates.

The company has not confirmed whether the same threat actors were responsible for both the ransomware attack and the credit card scraping malware. However, two customers have already reported fraudulent transactions and phishing attempts, raising concerns that the stolen information may be in use.

Avery, which reported $279 million in sales for Q3 last year, has not provided further details on how the breach occurred or whether additional security measures have been implemented. The incident underscores the growing risks businesses face from cyberattacks targeting payment infrastructure.