The world’s largest supplier of labels said a ransomware attack in December prompted an investigation that led to the discovery of a data breach impacting the information of about 67,000 customers.
In breach notification letters, Avery Products said a ransomware attack was discovered on December 9 and prompted an in-depth investigation led by forensic experts.
They found that “an unauthorized actor inserted malicious software that was used to ‘scrape’ credit card information used on our website” between July 18, 2024, and January 5, 2025, the company said in letters provided to regulators in Maine.
In addition to Maine, the company filed notices in California, Texas, Massachusetts, Vermont and Iowa.
In a letter to Iowa’s attorney general, the company said malware was added to the credit card entry form, allowing the hackers to view and scrape the information entered.
The ransomware attack “did not affect Avery’s internal systems but rather an application used to process payments.”
The company did not respond to requests for comment about whether the same hackers behind the ransomware attack were also behind the malware used to scrape customer information or if the two incidents are connected.
Avery Products said names, billing and shipping addresses, phone numbers as well as payment card information including CVV numbers and expiration dates were stolen.
The letters acknowledge that the company initially believed the stolen information was not used in any way but said two customers have emailed Avery to complain about fraudulent charges and phishing emails.
“We do not know if fraudulent charges are related to our website incident, but it now appears possible that payment-card (and other) information may have been acquired,” the company warned.
Avery Products calls itself the world’s “largest supplier of labels, specialty converted media and software solutions for short-run digital printing applications.” It reported sales of $279 million in Q3 last year.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
