Magecart style attacks, also called “E-skimming,” have become very popular with threat actors to steal payment card information from websites. This type of attack requires attackers to change JavaScript files that are part of the affected website. Organizations that operate websites requiring online payments should closely monitor the checkout pages of their website for any unexpected changes to JavaScript files included on the checkout pages. When entering payment information on a website, it is safest to use a payment system such as PayPal that does not reveal the payment card number directly. Some banks offer the option to use virtual credit cards for online payments that can only be used for transactions with a designated merchant and prevent fraudulent use of the virtual card number. If that is not an option, it is recommended to use a credit card instead of a debit card, so that any fraud on the card does not result in money being directly debited from an attached checking account. Always pay attention to charges on statements or sign up for text alerts to quickly spot fraudulent transactions on a credit card and report fraud to the issuing bank. If a frequented site has been affected by a Magecart style of attack, the credit card used on that site should be canceled immediately. Source: https://www.zdnet.com/article/school-management-software-provider-discloses-severe-security-breach/