Analyst Notes: Any customers who entered details into a checkout on either Claire’s or Icing online stores should keep a close eye on their bank statements for unfamiliar charges. Stolen credit cards are not always used immediately, so regularly checking bank statements is a good habit to get into. It is important to note that a customer does not always need to complete checkout for Magecart-style attacks to be successful. Site administrators should consider File Integrity Monitoring (FIM) solutions to monitor webroot directories. With FIM, administrators can be alerted to any file modifications that may happen in monitored directories, quickly putting a stop to these types of attacks. It is also important to monitor scripts hosted on third-party servers for modifications or use a sandbox technology that prevents third-party scripts from unauthorized actions such as stealing user input in form fields. Finally, monitoring workstations and servers for unusual behavior can provide early warning when attackers gain control of systems and allow security personnel to respond by cutting off the attacker’s access. Source: https://sansec.io/research/magecart-corona-lockdown