ZAGG Discloses Data Breach Affecting People Nationwide

On November 8, 2024, ZAGG Inc, a leading consumer electronics company, discovered a data breach that compromised sensitive customer information. The breach occurred due to a malicious attack on a third-party application called "FreshClick," which was integrated into ZAGG's e-commerce platform, BigCommerce.

According to the investigation, an unknown actor injected malicious code into the FreshClick app, enabling the theft of payment card data entered by customers during the checkout process on ZAGG.com. The malicious activity occurred between October 26, 2024, and November 7, 2024.

The breach exposed the following types of consumer information:

• Names
• Addresses
• Payment card data, including credit and debit card numbers

The breach has been reported to multiple state attorney general offices. For example, the Maine Attorney General's office disclosed that six residents of Maine were affected. Similarly, the Massachusetts Attorney General's office reported that 37 residents of Massachusetts were impacted. The Vermont Attorney General's office also received a disclosure about the breach.

While the total number of affected individuals across the United States has not been reported, it is clear that the breach has had a significant impact on customers who made purchases on ZAGG's website during the specified timeframe.

ZAGG's response

ZAGG Inc took immediate action upon learning of the breach. The company worked with its e-commerce platform provider, BigCommerce, to secure the ZAGG.com website and launched an investigation to determine the scope of the incident.

Federal law enforcement agencies were notified, and ZAGG has been cooperating with regulatory authorities to address the breach.

To help affected customers, ZAGG is offering complimentary access to Experian IdentityWorks for a specified period. This service includes credit monitoring, identity restoration support, and up to $1 million in identity theft insurance. Additionally, the company has implemented enhanced security measures to prevent similar incidents in the future.

Steps for affected individuals

If you believe you may have been affected by this data breach, it is important to take the following steps to protect your personal information and financial accounts:

1. Monitor your financial accounts. Regularly review your bank and credit card statements for unauthorized transactions. Report any suspicious activity to your financial institution immediately.
2. Obtain your free credit report. Visit AnnualCreditReport.com to request a free copy of your credit report from each of the three major credit reporting bureaus (Equifax, Experian, and TransUnion).
3. Place a fraud alert or credit freeze. Consider placing a fraud alert or credit freeze on your credit file to prevent unauthorized access. Contact the credit bureaus directly to initiate these measures.
4. Enroll in credit monitoring services. Take advantage of the complimentary Experian IdentityWorks membership offered by ZAGG. Follow the instructions in the notice to consumers to enroll before the deadline.
5. Remain vigilant. Be cautious of phishing emails or phone calls that attempt to exploit the breach. Avoid sharing sensitive information unless you can verify the legitimacy of the request.

For additional guidance, you can contact the Federal Trade Commission at IdentityTheft.gov or your state's attorney general office.