Wacom notifies customers of security breach, potential payment data compromise
Wacom, a global leader in digital pen and tablet technology, has begun notifying customers about a security breach that may have compromised their personal and payment information. The design hardware company disclosed that the breach occurred between November 28, 2024, and January 8, 2025, though the number of affected individuals remains undisclosed.
According to a report from The Register, Wacom has sent email notifications to potentially impacted customers, urging them to monitor their credit card statements for any suspicious activity. The company also recommended that affected individuals consider placing a fraud alert on their credit cards as a precautionary measure.
In its communication, Wacom assured customers that the security issue leading to the breach has been addressed. "The issue that contributed to the incident has been addressed and is effectively being investigated. However, we are now writing only to customers who might have been potentially affected by this," the company stated.
Despite confirming the breach, Wacom has yet to disclose specific details about the nature of the attack, the identity of the perpetrators, or how they managed to infiltrate its webshop. Given that Wacom’s online store operates on Magento, speculation has arisen that the breach may have involved a credit card skimming attack. Magento, a widely used open-source e-commerce platform, has been a frequent target for cybercriminals in recent years.
In July 2024, cybersecurity researchers identified a technique involving swap files to deploy persistent credit card skimmers on Magento-powered sites. In April, security experts uncovered a critical Magento vulnerability that allowed threat actors to install persistent backdoors on vulnerable servers. Given this history, experts suspect a similar method may have been used in the Wacom breach.
Wacom has assured its customers that it is actively investigating the incident while reinforcing security measures to prevent further attacks.a In the meantime, customers who have received notifications are urged to take immediate action to safeguard their financial information.
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543